
Four Myths about Account Aggregation

Jamie Dimon, JP Morgan Chase’s Chief Executive, made some interesting remarks recently on data aggregation:

"They take more of your data than they need to;

Many of them sell the data to outsiders in a way that benefits them but not you;

They often take your data every day, for years, even if your account is inactive;

If your money disappears because of fraud, it’s on you, not the bank."

Is Dimon targeting a whole service industry or just specific service providers?

His words of wisdom are a warning to JP Morgan Chase’s shareholders and clients: be aware, your data is not as secure as you are made to believe. Some could even argue that he’s trying to improve JP Morgan’s offering, but sadly, his words hold some truth: personal data is indeed being sold to third parties. A few years back, his warnings would have held full truth and wisdom. Now, however, we can demonstrate that not all account aggregation offers are the same, not all providers extract data, and definitely not all apps run in the background without your knowledge!

Let us examine each accusation and turn it into a myth! First, there are different account aggregation models available on the market: server-side and client-side. In both cases the aggregation software uses the customer’s user IDs and passwords to securely access their online banking and other accounts, automatically logging into the websites of their service providers. Once logged in, the aggregation software identifies certain financial information, extracts the data and presents it to the user in a consolidated display. Here is where it becomes interesting: in the client-side model the data, including ID and password, is saved in the user’s Personal Data Vault on their chosen device; therefore, some of Dimon’s accusations do not necessarily apply to this model.

Myth one: Account aggregators, or Fintech start-ups, take more of your data than they need to. With client-side aggregation, users connect their accounts of choice and personalise what data to share with their service providers via permission settings. If users don't want to share any data with the service provider, then nothing is shared. That's it. With this technology, the power and control are in the users’ hands.

Myth two: Many of them sell the data to outsiders in a way that benefits them but not you. This is fact and cannot be denied; the industry is making millions on data and growing. Greater customer insight leads to increasing profit and lower churn. The question here is: why is the industry the only one benefiting from customers' data? With client-side aggregation, as mentioned above, the user is in control and can decide to share their personal information with their service provider. Information exchange can help both parties; the users can benefit from getting more back and having tailored services based on their needs and financial situation. The sharing is transparent and explicit.

Myth three: They often take your data every day, for years, even if your account is inactive. With client-side aggregation, personal data is saved in the user's Personal Data Vault (PDV), which does not pull data but pushes data when the user opens the app and uses the service, unlocking the PDV. It means that if users are inactive or delete the PDV from their device, they are not accessing the service anymore, thus the PDV can't be opened and can't work anymore. eWise's patented technology is a customer-always-present solution: in order to access the data, the user needs to activate the PDV.

Myth four: If your money disappears because of fraud, it’s on you, not the bank. The credentials are saved in the Personal Data Vault and never shared with a third party, therefore not breaching the bank's terms and conditions. The service provider does not become a custodian of the user's personal data such as login and password. So, if there is no breach of the T&Cs, why should liability change hands?
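A minimal model of the client-side behaviour described under myths one, three and four, added here as an illustration: it is not eWise's code, and `PersonalDataVault`, `push`, `NEVER_SHARE` and the sample records are hypothetical names and constructed data. It releases only opted-in fields, refuses to push while the vault is locked, never releases credentials, and keeps a hash-chained log of what left the device.

```python
import hashlib
import json

NEVER_SHARE = {"login_id", "password"}  # credentials stay on the device, always

# Constructed sample data: what the vault holds locally, and the user's opt-ins.
SAMPLE_RECORDS = {
    "current_account": {"login_id": "u-demo", "password": "not-a-real-secret",
                        "balance": 1520.40, "transactions": ["-12.00 coffee"]},
    "brokerage": {"login_id": "b-demo", "password": "not-a-real-secret",
                  "holdings": ["10 x DEMO"]},
}
SAMPLE_PERMISSIONS = {"current_account": {"balance", "password"}}  # brokerage: no opt-in

class LockedError(Exception):
    """Raised when a push is attempted while the user is not present."""

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class PersonalDataVault:
    def __init__(self, records, permissions):
        self._records, self._permissions = records, permissions
        self._unlocked = False
        self.audit = []  # hash-chained record of every release

    def unlock(self):  # stands in for the user opening the app and authenticating
        self._unlocked = True

    def push(self, provider):
        """Release only opted-in fields, and only while the vault is unlocked."""
        if not self._unlocked:
            raise LockedError("vault locked: nothing is pushed")
        released = {}
        for account, fields in self._records.items():
            allowed = self._permissions.get(account, set()) - NEVER_SHARE  # deny by default
            shared = {k: v for k, v in fields.items() if k in allowed}
            if shared:
                released[account] = shared
        entry = {"provider": provider, "prev": self.audit[-1]["hash"] if self.audit else "",
                 "fields": {a: sorted(f) for a, f in released.items()}}
        entry["hash"] = _digest(entry)
        self.audit.append(entry)
        return released

def verify_audit(log):
    """True if no entry of the release log was altered or reordered."""
    prev = ""
    for e in log:
        body = {k: e[k] for k in ("provider", "prev", "fields")}
        if e["prev"] != prev or _digest(body) != e["hash"]:
            return False
        prev = e["hash"]
    return True
```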

Wait, is he saying that banks refuse to use account aggregation services? Actually, more and more banks are using these services for a wide range of their clients, from high-net-worth to mass-market. Banks and other financial institutions recognise the advantage for them and their customers of having software that connects all bank accounts, investment portfolios and other relevant accounts. We can even see the shift toward account aggregation with the revised Payment Services Directive 2 (PSD2): banks in Europe have to adapt their systems and security to follow the new regulation and open their Application Programming Interfaces (APIs) to access users' accounts.

Account aggregation was created to simplify the users’ relationship with their money and their banks. This sector is evolving; with new privacy and security regulations giving consumers more confidence, the tools will surely change the bank-client relationship for the better.


Comments: (2)

A Finextra member, 15 October, 2016, 16:42

I recently encountered a new personal finance app named Geltbox Money that eliminates the need for third-party aggregation services. The user can aggregate his own data without exposing private data to any third parties/web site. This new technology enables the user to download his financial information from any financial institution in the world.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune, 15 October, 2016, 21:00

I've been using the preinstalled Email app on my Android smartphone to access all my email accounts - business, Yahoo! and GMail. All was well until the recent Yahoo! data breach. Nowadays, every time I log into my Yahoo! Mail account on the web, I keep getting a pesky warning about the risk of accessing Yahoo! emails from a non-Yahoo! client and a request to switch to the Yahoo! Mail app for Android. As of now, I can click "No, I understand the risks" and move on. But, I'm quite sure there will come a day in the near future when Yahoo! will stop letting me access my Yahoo! emails via a third-party client. If this is the state-of-affairs with email, why should banks be pressured to expose banking data with third-party apps?

Client-side, server-side - this is all tech mumbo-jumbo. As a Joe Banking Consumer, how do I know that the PFM is only accessing the info for which I give it permission? Until PFMs get certified by third-party auditors as to what they access and don't access, I'd rather believe what Jamie Dimon says.