The Association for Payment Clearing Services (Apacs) has published voluntary guidelines for the aggregation of financial data by UK financial institutions in the wake of a series of spats between banks over consumer security issues.
The UK payments body says the initiative was prompted by the lack of regulation by the Financial Services Authority of aggregation services, and a bid to maintain confidence in aggregation and e-banking systems generally.
It follows a lack of consensus among banks about the sharing of financial data and customer security codes for aggregation purposes. Citibank clashed with rival UK banks following the launch of its MyAccounts facility in October. The service - the first of its kind in the UK - requires participants to disclose the Pin numbers and passwords for all the accounts they wish to view. Citi now claims 10,000 users for MyAccounts, despite the withdrawal of support from UK high street banks.
The Apacs guidelines set out best practice guidelines for aggregators, covering critical areas such as security, password practices, privacy and customer education.
The underlying principle behind the guidelines is that aggregation should take place with the consent of all the parties involved, says Apacs. Specifically, data providers need to provide their consent for data to be collected from their sites.
Apacs recommends the adoption of the guidelines - which were drawn up in consultation with the banking community - by all parties involved in aggregation. However, the Association notes the voluntary nature of the guidelines and stresses that there is no obligation on Apacs members or any other parties to follow the recommendations.