The data networks that connect payments and other financial apps to users’ bank accounts are scrambling to standardize data access by moving to application programming interfaces and away from an older, cruder form of access known in the business as “screen scraping.” The effort comes as financial apps gain popularity and regulators like the Consumer Financial Protection Bureau mull rules for data sharing, the heart of what the industry calls open banking.
The concern with screen scraping is that it relies on the use of passwords and other personal credentials held by consumers to link apps like Venmo and Square Inc.’s Cash App to accounts at financial institutions. Fearing security issues, “a lot of the industry is starting to transition from credential-based to API-based access,” says John Pitts, global head of policy at Plaid Inc., a major data network.
A big move in that direction came Wednesday with news from Lehi, Utah-based data network MX Technologies Inc. that it is introducing a set of open-source software offerings collectively called MX Open. The new platform includes an API that can allow financial institutions and fintechs to connect users to their financial data. MX announced earlier this month that it had built a network of more than 50,000 connections to financial institutions and fintechs, outdistancing the estimated number of links established by other data networks.
“MX Open gives organizations the tools they need to define and launch their open-finance strategy and innovate faster with the vendors and technology providers that will serve their customers best,” said Brett Allred, chief product officer at MX, in a statement.
Then, on Thursday, financial-services technology giant Fiserv Inc. announced AllData Connect, its own solution for data sharing among fintechs and banks. “This process can be difficult for financial institutions to support if screen scraping impairs online banking performance, or when login credentials are stored at unaffiliated third parties,” said Paul Diegelman, vice president of digital Payments and data aggregation at Fiserv, in a statement. “AllData Connect gives financial institutions the ability and insight they need to confidently empower consumers to share their financial account information.”
Even so, Plaid’s Pitts estimates that about 90% of data sharing is occurring outside of APIs, typically by means of acquiring credentials from users. “Only the top 10 to 20 banks have made progress developing their own APIs,” he notes. “If there were a prohibition on screen-scraping, there would be this two-tier system where customers of small community banks wouldn’t have access.” Plaid offers its own API called Plaid Exchange.
Visa Inc. said in January it was paying $5.3 billion to acquire San Francisco-based Plaid in a deal that is undergoing review both in and outside the United States. The Competition and Markets Authority in the United Kingdom granted clearance last month.
At the same time, the Financial Data Exchange, a trade group for open banking, is working on a cross-industry standard API for data sharing. MX and Plaid are among the more than 100 members of the Reston, Va.-based FDX, which operates under the auspices of the 21-year old Financial Services Information Sharing and Analysis Center (FS-ISAC).
Industry standards are one thing, but the federal government is also likely to lay out its own rules. The CFPB in July said it plans to set out a so-called advance notice of proposed rulemaking for consumer-permitted access to financial data. The Bureau’s interest in the matter rests on Section 1033 of the Dodd-Frank Act, which bears on consumers’ access to, and use of, their financial records.