In the Question of Data Control, APIs are the Answer

Abracadabra, Watch Your Data Disappear

Whoever said ignorance is bliss obviously never unknowingly shared all their data. As we mentioned in a previous post, consumer data is being screen-scraped into the ether and this creates so many issues around control and the assumption of privacy. Once your data is scraped, it’s gone. Neither the bank or institution, nor the end user has any control.

The problem, as ever with the tech industry’s teeny-weeny greyscaled legalise, is that the people it refers to as “users” aren’t genuinely consenting to having their information sucked into the cloud for goodness knows what. Because they haven’t been given a clear picture of what agreeing to share their data will really mean.

Miss Jackson if You’re Nasty

It’s all a question of control. And APIs are the answer. They offer banks and FIs the ability to control what pieces of data and how much are grabbed by a permitted 3rd party. For example, at TradeIt—from some of our brokers’ API—we see only seven days of transaction history, while others might show 30 days. Typically no one provides more than 90 days but the depth of history varies. In addition, for things like an order blotter, some brokers only provide the current days’ orders. These smaller pieces of data ensure less is shared, though what is shared is timely and relevant.

You Get My Data and You Get My Data, Everybody Gets My Data

With screen-scraping, once you provide your ID and password to the 3rd party, their bots do the scraping and can grab anything that’s available, including your transaction history and all of your accounts under that single login. For some banks or brokers—if the broker is part of a larger financial institution that offers a diverse product set—that could be your brokerage account, retirement account, mortgage, even credit card information. Most end users likely don’t realize that once they give the screen-scraper their login, they have it, and they can and will use it until the password is changed. What’s worse most of the screen scrapers don’t have trademark rights to the logos that are on their service integrations, therefore falsely leading the consumer to believe the institution approves it. In the meantime, they’ve still grabbed that data and it’s gone…to who knows where.

APIs Create a Goldilocks Solution, They’re Just Right

In contrast, most APIs are programmed to call for specific account balances since these services and endpoints are more distinct and inherently control more access to just the needed data. This is why the European Banking Federation’s position is that screen-scraping is an outdated, first-generation technology that should be replaced by APIs, which it sees as a more secure way of enabling direct access to customer data for third parties.

Not only do APIs offer a more tailored solution where you essentially get only what you need, they create a huge potential for innovation. As we demonstrated in a previous post about your data being open for business, companies like Fidelity are already showing consumers who has access to their data and allowing them to control whether or not that’s ok with them.

fidelity_access.png

In Tech We Trust

Brokers need to push themselves to invest in APIs. Ever since the invention of the FDIC, FIs have been associated with trust as it relates to consumer’s money. The theory with bank robbery was that they aren’t hurting anyone since the money is insured. Except now with screen-scraping, we are getting hurt…with our privacy…or lack thereof.

As technology evolves and allows for endless possibilities, investing in methods to engender trust and yet that also support the new ways individuals want to interact with their money, track their wealth and/or use tools for better financial decisions, is vital. Brokers and FIs need to enable that, to securely open their data with controls to prevent misuse or even breaches. This is what will create real trust with their users.

Don’t Build a Wall

Firewalls and detours aren’t the answer. It’s not about closing things off, it’s about opening them up. With the new sharing ecosystem, and with millennials having more trust and more interest in tech-driven brands, FIs need to work to remain relevant. In order to do this, you need to be an active member of the ecosystem and invest in technology that supports these behaviors.

Because, while users may be content to share some of their personal info in order to use your service now, it’s only a matter of time before they realize just how much and possibly decide it’s not worth it.

“We have consistently warned our customers about privacy issues, which will become increasingly critical for all industries as consumers realize the severity of the problem.” – Jamie Dimon

Are they really getting what they signed up for, or worse, paid for? You need to provide comfort and control to your user. If you don’t, they won’t tick that agreement box and they’ll move on to someone who can.  

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s