FOREX Magazine
IBP Finance I
IBP Finance I
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
“Banks view the way credentials are shared<br />
in the marketplace as high risk,” Fakhraie<br />
said. “It’s not only that customers are sharing<br />
credentials and they’re out there, but also<br />
the friction and the unreliability of the screen<br />
scraping practice. And customers don’t get<br />
to choose which accounts they want to<br />
share.”<br />
Under the Financial Services Information<br />
Sharing and Analysis Center’s Durable Data<br />
API standard, which the Financial Data<br />
Exchange espouses, consumers are in<br />
control, Fakhraie said.<br />
For example, when a consumer wants to start<br />
using a new fintech app and link a bank or<br />
brokerage account to it, they are passed to<br />
a secure server at the financial institution,<br />
where they are presented with the financial<br />
institution’s consent page and they authorize<br />
the data they want to share with the new<br />
app.<br />
After authenticating, the consumer is passed<br />
back to the app. Data sharing between data<br />
aggregators or fintechs and financial<br />
institutions is done through a virtual token that<br />
identifies the consumer and their accounts.<br />
The standard gives the customer visibility and<br />
control, Fakhraie said.<br />
“They can come to mobile or online banking,<br />
view what data is being shared, and turn that<br />
off and on at any time they choose,” she<br />
said.<br />
But the Durable Data API standard doesn't<br />
directly resolve all such disagreements.<br />
In one recent dispute, a bank claimed a<br />
data aggregator would not agree to delete<br />
data even after a person had stopped being<br />
a customer or using a service. In this case, the<br />
data aggregator also wanted to be able to<br />
obtain routing numbers and move money in<br />
and out of bank accounts which the bank<br />
didn't want to allow.<br />
The Durable Data API standard doesn't<br />
resolve these issues.<br />
“But we think it will solidify and pave the way<br />
for how data is shared,” Fakhraie said. The<br />
FDX is also thinking of creating a governance<br />
framework for the privacy and security of<br />
data sharing, she said.<br />
Another complaint data aggregator have at<br />
times made is that banks make them sign<br />
onerous bilateral agreements that put too<br />
much liability on the aggregator, not enough<br />
on the bank.<br />
“Those are issues that will continue to be in<br />
the forefront of the minds of organizations<br />
tasked with maintaining the security of<br />
consumers’ data,” he said.<br />
Finicity has signed a number of bilateral<br />
agreements with banks including Wells Fargo<br />
and USAA, Smith noted.<br />
“We have always as an organization<br />
suggested the bank is a custodian of their<br />
customers’ data, and needs to maintain the<br />
security of that data and needs to be<br />
concerned about that data,” he said.<br />
Some data-sharing disputes may be settled<br />
by simply having all parties hash them out in<br />
FDX meetings. The group has been holding<br />
monthly board meetings and it meets in<br />
person quarterly.<br />
A data aggregator working group has also<br />
been meeting regularly.<br />
“I think this will be a great forum for the<br />
interchange of ideas, discussion and<br />
progressive development of standards for<br />
the industry,” Smith said.<br />
“We’ve been in this space for about four<br />
years, and this has been refreshing to be able<br />
to have that conversation, not only with<br />
other financial institutions but also with<br />
aggregators and other players within the<br />
ecosystem,” Fakhraie said. “We all share a<br />
common goal, which is sharing data in a<br />
more secure, reliable way where a customer<br />
has control over it.<br />
43
Change language