Top Problems with Financial Data Aggregation

Mint.com launched in late 2007 as the first online consumer platform that aggregated financial data from many different services. In just two years, the service attracted 1.5 million users and was sold to Intuit, the popular maker of QuickBooks accounting software, for $170 million.

Since then, a handful of upstarts offering similar services like Personal Capital and SigFig have raised millions in venture capital targeting the investment end of the data aggregation spectrum and providing healthy competition to human financial advisors.

At the same time, banks, brokers, and other financial institutions had been hesitant to provide finance applications with access to sensitive client data. The fear had been that customers and competitors would be able to see sensitive details that might erode a bank's competitive edge.

Also, data privacy concerns have arisen, surrounding sharing client data with third-party fintech firms and financial aggregators. This article reviews the issues facing banks, financial aggregators, and bank clients as well as a new organization formed to help alleviate these data and privacy concerns.

Technological Difficulties

Many financial institutions don’t provide a direct link to data aggregations, which isn’t surprising given their privacy concerns. As a result, data aggregators had been forced to robotically log in to a client’s account and “scrape” the information. The process typically involved a computer program, visiting a bank's website, logging in using a client’s credentials, and reading through code to extract financial information, such as account balances.

With aggregators and financial apps having millions of active users refreshing their accounts multiple times per day, the scraping process has, at times, overwhelmed the servers of banks. The demand during peak periods can be so high that some banks have struggled with system slowdowns, preventing their customers from conducting banking business.

Banks have also struggled with distinguishing data aggregators from hackers trying to conduct fraudulent behavior. Consumers can experience account lockouts in these instances if there have been too many failed attempts to log in, which hurts client relationships.

Consumers Caught in the Middle

Some large banks had responded by banning data aggregators from accessing their websites. In practice, this is done by telling a server to block the IP address of a data aggregator’s computer program. IP stands for internet protocol because it represents the format for which data is sent via the Internet. IP addresses identify a local address of a computer or a network so that information can be sent electronically between devices.

If a bank blocks an IP address, it prevents the data aggregator from retrieving the information. The consumer who is using the data aggregator, like Mint, would see an error message. The bank clients would get frustrated by the inability to interface with their bank using the financial app, which could lead to them switching banking providers. Also, many banks are using data aggregators to power their mobile platforms, making the situation more complicated.

Consumers have been caught in the middle of this struggle between their bank and financial applications. Without the cooperation of banks, the customer might see inaccurate data reported on their data aggregator or might not be able to access their financial data at all. Data aggregators themselves might also cause their online banking experience to slow down or account lockouts.

API-Based Solutions

A solution for banks and aggregators that has surfaced is an application programming interface (API) designed to handle data requests. By routing data aggregation requests to an API rather than a website, traditional customers wouldn’t experience a slowdown due to data aggregator demand and may not even need to expose their login credentials. The data is also more reliable since it hasn't been scrapped in an archaic fashion.

In 2018, several banks partnered with data aggregators and fintech firms to establish an organization designed to create a governance framework for sharing data and privacy. The Financial Data Exchange (FDX) was formed to protect customer data but allow financial aggregators and fintech companies to access the bank account information.

The FDX is governed by a board of directors picked from financial institutions, fintechs, and data aggregators. The FDX is a nonprofit organization in which all of the members pay dues to fund its operation. FDX is an independent subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC), which is an industry association with the goal of ensuring the continuity of the financial services infrastructure.

The FDX has been addressing financial data privacy concerns, including the practice of scraping by third parties. Instead of allowing scraping, consumers who use a financial aggregator are presented with a login screen for their bank, allowing them to choose what data to share with the financial app.

Although there will undoubtedly be issues that arise in the future with securing consumers' financial data, the FDX is a positive step in the right direction. Through cooperation between banks, fintech firms, and financial aggregators, the FDX can help prevent consumers from being impacted by technological glitches while also preventing hacks by outsiders and fraud.

The Bottom Line

Data aggregators have become extremely popular over the past several years, with the rise of services like Mint and Personal Capital. While consumer demand for these services is apparent, in the past, banks and other financial institutions had been hesitant to allow access to client account data. However, with the formation of the FDX, banks have a method of working with financial aggregators and fintech firms to protect client data while keeping their customers happy.