2017 could be a watershed year for how US-based banks and third-party app providers oshare data with each other. Since the start of this new year, two U.S. banks (JPMorgan Chase and Wells Fargo) have made significant announcements about their agreements to share data with Intuit securely through APIs.
This is a marked change in the stance by big U.S. banks from their earlier position of reluctance towards allowing third-party personal finance management apps to access their customer banking data. Since there was no formal way of data sharing agreement between banks and third-party apps, the latter had to adopt the older insecure approach called screen scraping. These third-party personal financial management apps (made by companies like Intuit and Yodlee) currently use screen scraping. The user has to provide his or her banking username and password to these apps. These apps will then automatically log in using those user credentials, screen-scrape the bank data, and use it for reporting in its apps.
This was problematic in multiple accounts, the most important being that the user had to share their user credentials with third-party apps. From the bank’s perspective, there was a heavy load on their servers, and this was affecting their banking website performance and operations.
However, the explosion of the smartphones and mobile apps and the evolution of FinTech companies has created an environment where the third-party apps have become indispensable, a situation that the banks dislike, and their banking apps will never be able to replace them in terms of their effectiveness. In fact, banking regulators in Europe realized this a while back and instructed their banks to share data through APIs.
The agreement between JPMorgan Chase and Intuit says that they will introduce Open Authentication and will exchange data through the Open Financial Exchange (OFX) 2.2 API. JPMorgan Chase customers will avoid giving their banking usernames and passwords since the technology will use an API token-based approach to authorizing Intuit apps to download the requested account information. Similar to the way apps in the social media world operate using OAuth, you can expect third-party apps to ask permission to access sensitive banking data. This is a huge improvement — you end up only sharing particular information in your bank accounts instead of the entire data being screen scraped.
Good news for all the tech and citizen developers out there in the FinTech industry is that these big banks are not going to limit their partnerships only to Intuit. Banks are going to add more and more partners to access their customer's banking data. Therefore, there is an opportunity waiting to make it big and innovative with live bank data. What are you waiting for?