Consumers are concerned about privacy and want more control and transparency when sharing their personal financial data. In a 2019 survey by The Clearing House, more than two-thirds (68%) of respondents said they are very or extremely concerned about data privacy when they use fintech apps. The survey also found that 38% of respondents said that they would not use an app that stores their bank account credentials, but almost all fintech apps that rely on customer data access also rely on collecting and storing those credentials.

Once consumers provide fintech apps with their bank account credentials (account ID and password) and provide their consent through a “click thru” agreement, the apps gain the ability to log in as the consumer and collect or ‘scrape’ data relating to the consumer. There are currently few restrictions, best practices, guidelines or agreements that govern how fintech apps and data-aggregator intermediaries share or resell consumer data to third parties and consumers may have limited control over how their data is being used or shared. Further, the storage of bank account credentials if not adequately protected has the potential to create substantial risk in the event of a data breach.

Connected Banking is TCH’s initiative that promotes the sharing of customer data between banks and third parties in a safer and more transparent manner. Current practices, such as screen scraping, enable bank customers to share their financial data with thousands of fintech apps but may also put consumer privacy and security at risk.

In the European Union, the Revised Payment Service Directive (PSD2) is driving an initiative known as Open Banking – enacted in November 2015 and rolling out in stages – that bans screen scraping and requires banks to grant third parties access to customer data via dedicated interfaces. It also requires that these interfaces can only be used in rendering the specific services the third party provides to the consumer.

Connected Banking is a principles-based private sector solution that seeks to enable a financial data exchange ecosystem that is positioned for long-term growth and sustained innovation.

Open Banking’s approach is regulatory and prescriptive. Created by parties who don’t live and breathe the work of financial data exchange every day, Open Banking has produced some unintended consequences. For example, the mandate to ban screen scraping and adopt Application Programming Interfaces (APIs) failed to address standards for APIs. As a result, individual banks created their own individual APIs which don’t integrate with each other, creating inefficiency and significantly slowing adoption.

Today’s banking customers have access to thousands of financial technology applications. These fintech apps help customers with a variety of financial management tasks. Most fintech apps currently access customer bank data to power their services by obtaining the customer’s banking platform account ID and password and then utilizing a process called “screen scraping.” This current system of data sharing limits consumer control and may create data privacy and security issues. TCH, its member banks and other stakeholders have undertaken efforts to increase awareness and facilitate solutions through the adoption of safer and more secure API methods.

Connected Banking promotes the safer and more transparent sharing of financial data through work with other industry organizations on the development and implementation of standards for Application Programming Interface (API) technology, the development of a model contract to facilitate agreements between banks and third parties, and the creation of tools to increase the efficiency of third party risk management due diligence.

TCH is working with our member banks and other stakeholders through TCH and other organizations on technical standards and other tools to support safe and efficient data sharing. We expect additional components of Connected Banking to be rolled out to the data-sharing ecosystem in the future.

• Financial Data Exchange (FDX): TCH is a member of the Financial Data Exchange (FDX) which is a nonprofit dedicated to developing a common standard for the secure access of consumer and business financial data. The FDX community is comprised of 55 financial industry organizations – from banking core processors to fintechs and banks that are currently developing standards for Application Programming Interfaces (APIs) and industry technical standards that prioritize security, transparency, and user experience.

• Model Contract: TCH has developed a Model Contact that can serve as a reference for financial institutions and data aggregators to facilitate bilateral agreements regarding financial data sharing through APIs.

• Centralized Assessment: TCH has developed a new, centralized tool in the form of a standardized question set to streamline and make more efficient for all parties the due diligence process required for banks to share consumers’ approved data with third parties. The question set is currently being piloted by third-party assessment service provider TruSight; the data aggregators Finicity, Plaid and Intuit; and Bank of America, BB&T Bank, JPMorgan Chase, PNC Bank, TD Bank, and Wells Fargo.

Enabling the safe exchange of bank-held data will require collaboration across the entire data-sharing ecosystem. TCH has a history of successfully fostering this type of collaboration. TCH and our member banks are invested in ensuring the safety and security of the financial system. Under current practices, our 24 owner banks estimate that up to 45% of their bank website logins come from data aggregators. This high volume of logins can strain banks’ abilities to distinguish between malicious bots and legitimate apps. While many banks have developed additional technological methods to identify the source of website logons, the screen scraping process adds risk to the financial system.