This will help customers use popular financial apps to make smart decisions with their money while giving them control over how their data is accessed and used.

When this is implemented, Plaid will access customer information through the bank’s secure API (application programming interface) connection. That will allow customers to share their information more safely and quickly with Plaid and the financial apps it supports while protecting their bank username and password.

The secure API uses a token-based approach to enable a customer to authorize Plaid to download the requested account information on their behalf without Plaid storing their usernames and passwords. Chase expects Plaid to start migrating apps through the bank’s secure API in the first half of 2019.

“This will give our customers more control and visibility into where and how their data is being used,” said Bill Wallace, head of Digital at Chase, the U.S. consumer and commercial banking business of JPMorgan Chase. “This is another key step in our effort to create a safer aggregation environment.”

“We're focused on building an ecosystem that will enable fintech progress for decades to come. That means providing consumers with choice, convenience and a safe way to access their financial data. This agreement represents an important step in that journey,” said Zach Perret, CEO of Plaid.

Routing the data traffic through Chase’s secure API will provide information more directly to Plaid and the financial apps it supports. It will improve the experience for Chase customers by giving them control and visibility over where their Chase data is being used.

Already, Chase’s secure API enables information to be shared securely for 2.3 million Chase consumer and small business customers. The customers can turn access off through Chase’s AccountSafeSM on the Chase Mobile app and chase.com. Chase also is blocking high-volume traffic from IP addresses it doesn’t recognize and can’t validate.

“We want all aggregator traffic to come through the secure API so that customers can keep using the apps they enjoy - and do so with peace of mind,” Wallace said.

The principles behind Chase’s agreements are:

Security: A secure API ensures that customers will give explicit consent to share their data while protecting their bank username and password. Aggregators must agree to bank-like cybersecurity standards to protect this sensitive information.
Convenience: Customers will see their banking information populated into aggregator applications safely and quickly.
Customer control: Customers will give explicit consent for apps to use data from specified Chase accounts, and will be able to turn off access for each account and each app.
Privacy: Chase and aggregators will strive to maintain industry best practices for data privacy and security.