Plaid, Envestnet Yodlee and MX Technologies aren’t exactly household names. But because of their sheer reach, they are some of the most powerful data exchanges in the world. Recently, Plaid said that 1 in 4 people with a bank account in the United States had used Plaid. Data aggregators can bring enormous benefits to financial institutions but they also pose a host of security risks. The best way to solve this challenge is to choose a digital banking platform that uses APIs to ensure that customer information is secure.
They are companies that facilitate data exchange. They connect fintech companies and other financial institutions to a consumer or business’ financial accounts, providing information the companies need to power their services. For example, the person-to-person payment service Venmo uses Plaid to connect with banks and credit unions to transfer funds. Betterfin uses Envestnet Yodlee to get access to cash flow data to facilitate small business loans. When a customer signs up for Venmo or Betterfin, they give those fintech companies access to their bank accounts using data aggregators. The customer typically does not even know Plaid or Yodlee is part of the transaction.
As fintech companies such as Venmo and Betterfin make widespread use of data aggregators, banks and credit unions can use them as well to make their customers’ financial lives easier. For example, Envestnet Yodlee, which serves 15 of the top 20 banks in the United States, can pull data from a variety of sources, including investments and credit cards outside the financial institution. Banks and credit unions can use that information to offer customers a complete view of their financial lives, not just of their bank or credit union accounts.
The Spanish banking giant BBVA USA, for example, has a mobile app and online banking tool that allows customers to track spending using all their checking, savings and credit card accounts, inside and outside the bank. Customers can pre-set budget limits inside the tool and watch the colors change from green to yellow to red as they near or exceed their spending limits. The tool also allows customers to pay off debt and forecast cash flow.
Financial institutions also can use data aggregators to sell products and services to customers. The aggregators can tell you which customers have an auto loan with a competitor or what interest rates customers pay on a competitor’s mortgage. Banks and credit unions can use that information to target customers for specific offers that will be attractive to them.
Data aggregators are also used by financial institutions to ensure compliance with Bank Secrecy Act and know-your-customer regulatory requirements. Data aggregators can verify identities and retrieve names, phone numbers, addresses and emails for account holders. Data aggregators are also used to autofill applications for customers, who then verify the accuracy of the autofill, speeding up new customer applications and onboarding.
Not all banks and credit unions are happy about the security implications of data aggregators. Security is arguably a financial institution’s most important service to its users. The problem is that some data aggregators historically have connected to a bank account using screen scraping, obtaining a customer’s login and password and using that to unlock the bank account. For many, this poses alarming concerns. Will the data aggregators sell the data they obtain, screen scraping much more than they need from a customer’s account? Will they store that information and then lose it in a cyberattack? The bank PNC blocked Venmo recently over the issue of screen scraping.
To answer such concerns, the industry is moving toward using APIs, application programming interfaces. An API is the gold standard for connection with outside firms. APIs are more secure than screen scraping because they allow bank and credit union customers to use third-party applications without giving up their passwords and credentials. APIs also help limit the scope of data the aggregators get. The largest bank in the nation, JPMorgan Chase & Co., requires Plaid and other data aggregators to connect securely to the bank using APIs. It’s expensive and time- consuming to develop APIs in-house. Digital banking providers can develop secure APIs for banks and credit unions so they don’t have to find the staff and time to do so. Financial institutions need to make sure their digital banking providers offer an easy-to-use API solution to power the revolution in banking services.
With secure and accessible APIs, banks and credit unions can leverage the benefits of aggregating data without compromising the protection of customers, resulting in superior digital platforms that are safe to use.