Despite all the talk about Big Brother-like tactics, Twitter, LinkedIn, and Facebook (the Cambridge Analytica scandal notwithstanding, but we’ll get to that in a bit) actually provide their users with a significant amount of control. Users can set their privacy and access settings for data downloads, block people, enable and disable logins, and receive alerts when they log in from other devices.
Considering how much personal consumer information they have, financial institutions have nothing comparable. In fact, they’re being screen-scraped by everyone from Mint to their own credit card marketing teams. And what’s worse, users may or may not know this. There’s no warning message or communication from the banks to their customers, and if there is something, it’s probably buried in the Terms of Service of the scraper itself. Banks have no visibility into the data sharing practices or downstream uses, and they have zero ability to turn off these authentications on the banks’ site.
So while you can choose to block a high school sweetheart or de-link your Facebook account from Tinder, once you set up an auto-payment with Stash to Bank of America, BofA has no control over where the data is going, how the data is used, or when the data is accessed. It’s a lose-lose for the banks and consumers.
APIs are the only way to address the issue. The US is already behind Europe’s PSD2 (Second Payment Services Directive) initiative, which creates Open Banking, allowing brokers to open up data via API and providing a secure and compliant means for data transfer. This change provides greater control and limits the potential misuse of screen-scraped data. That’s why the emphasis on control and compliant access is a foundational principle of TradeIt’s platform, providing connectivity to brokers and financial institutions.
After what recently came out with regard to Facebook and Cambridge Analytica, 50 million people just got a big wake-up call when it comes to how their information is being used and disseminated. It’s likely only a matter of time before Open Banking comes to our friendly shores, and once it does, everyone’s going to have to play nice in the banking sandbox.
Where’s Jamie Dimon when we need him?
Before this happens, the smart US financial institutions will need to build the APIs and control centers and start educating consumers on the risks associated with scraping and gaining control of their data. In fact, some, like Fidelity, are already doing that. Their new Fidelity Access℠ product allows consumers to see which third parties they have permitted to access their data. Consumers can even go one step further and disable a token that’s in place, thereby removing the connectivity and the third party’s access to the investor’s data.
Under Lock and Key
Privacy and controlled access are a mantra for Financial Institutions and people expect security, especially with the increasing numbers of hacks and data breaches. Now more than ever, providing users with control over who has access to their data is vital. Financial Institutions need to jump on the bandwagon with features that control their customers’ data. And FinTechs who partner with them need to push for APIs with secure and compliant access that allows customers to control that data. Open Banking should spur innovation, not deter it, but it needs to be done with security and compliance at the forefront. After all, they are the tenets of our industry.