Citibank has amended the operation of its UK account aggregation service in an effort to overcome rival bank objections to consumer password disclosure and security issues.
Citi's My Accounts service was launched in September 2001 and enables users to consolidate data from multiple accounts onto a single Web page. Shortly after launch, Citi was forced to remove a number of UK banks at their request because of concerns over consumers handing over passwords and PINs to a third party. Similar problems have dogged UK Internet bank Egg, which launched its own aggregation service in May.
Citi says its new solution enables customers to secure all their passwords within ‘My Accounts’ before using them to refresh their details as and when they wish. As the customer is doing the aggregating and not the third party aggregator (ie Citibank) the legal issue of disclosing passwords to a third party is avoided.
Jonathan Mindell, sales and marketing director, Citibank International, says the bank has taken advice from independent legal counsel to ensure its service is both legal and compliant: "From today the consumer can gain access to all accounts, including those held with the UK retail banks, as he will not be disclosing his passwords and PINs to a third party. We are disappointed that the UK retail banks dragged their heels over this issue, when it is the UK consumer that has the most to gain."
He says the bank continues to work closely with UK payments body Apacs, which has developed a set of voluntary guidelines for banks to follow when setting up aggregation services, and to consult with industry watchdog, the FSA, which has aired concerns over legal and security issues in relation to aggregation.