Don’t Believe Everything You See
“Trust is a key strategic asset which creates growth opportunities and defends against competition. It allows deeper customer engagement across products and services.” – Nobel Prize winner, Robert C. Merton
We’re going to talk about screen-scraping again. Because we think it’s so important to be aware of what this means for both consumers and FI’s. You can get more background on the process of screen-scraping and what it means for the future of banking as well as the importance of API’s and innovation in our previous posts here, here and here.
One of the ways screen-scrapers are getting access to customer data is through a halo effect.
This is the foundation of the modern concept of brands. Essentially it means that when we develop a favorable impression of a brand when interacting with one partner at a firm we tend to view the whole firm in a favorable light. Our impression of that firm’s brand is strengthened. Thus creating a halo around that entire firm that is associating with the other brand.
Screen-scrapers are using logos to build trust and credibility and then turning around and selling the data they’ve so trustfully obtained. By using the logos and trademarks from financial institutions, it engenders trust among the end users who associate the brand of Broker X with their money and the security that their financial institution provides. However, most FIs have not in fact granted permission or rights to the screen-scraper for them to use the logos in the first place. The trust of the logo makes an association for the end user, but this is an abuse of the institution’s mark and negatively impacts the end user and the institution itself.
The Anti Trust
Let’s be honest, most Americans aren’t enamored with big banks or financial institutions these days. However, seeing a logo of a familiar name in one of their finance apps will undoubtedly create a feeling of assurance that things are on the up and up; that their information is safe. As an end user, we’re putting our faith and trust in the visual association of the broker or bank brand on a third party site. And in this case, that trust is unfounded.
I Didn’t Sign Up for This
When this logo appears, it signals to the end user a perception of the financial institution’s endorsement of the technology, thus they willingly link their account. As we’ve argued in previous posts, the screen-scraper can then go in and grab their data — any of their data — and use it and sell it. These companies are selling that data many times over, charging their partners per linked user. But where’s the end user’s cut of the profit? And how many places are they selling it to?
Millions of Customers + 1000s of Companies = Millions of Screens Scraped and Countless Data Points Up for Grabs
An Ounce of Prevention
Luckily, all is not lost. Companies like Fidelity and Ally are ensuring their information is secure and are increasingly moving towards APIs for third parties to access their clients’ data. In fact, TradeIt’s SDK specifically helps partners integrate our technology, allowing their developers to integrate faster with simple customizations. This ensures the end user that they’re protected and gives them total control over what happens to their data. By partnering with brokers to access their APIs, TradeIt only accesses the information that the broker makes available.
Here’s how it works:
- Through a broker’s API, we allow the end user to log into their brokerage account securely.
- We don’t view, access or retain their log-in credentials.
- After the user consents, the broker provides an encrypted token.
- This token will expire, and once it does, the connection is severed.
- In order to continue to view their portfolio and/or send buy or sell orders from their favorite app to their broker, the end user will need to relink their account.
How this differs from traditional screen-scraping is simple: we don’t retain log-in credentials and continue to access and scrape the end user’s data however we see fit. Their information is not available to us. Nor should it be. Not only is this safer in the event of a data breach, it provides true trust with the end user. We only show the logos of brokers with their permission.
Many Financial Institutions are requiring aggregators to sign agreements where the aggregator/screen-scraper is liable for the data in the event of a breach. Not surprisingly, many aggregators are pushing back and not signing these agreements (ostensibly because it cuts off their revenue stream).
But, as we move into more transparency around banking, brokers are embracing this change. TradeIt has consent pages and end-user agreements that explicitly inform the investor that we’re accessing their data on their behalf. It’s more than just a logo, its an agreement between the broker and the third party. This puts the end user at the forefront, not on the backburner. Which is where they should be in the first place. After all, it’s their information.