August 2, 2017

How big U.S. banks will use APIs to share data

Big U.S. banks will continue to add partners to access customer banking data. This is a marked change in their stance from an earlier position of reluctance

2017 could be a watershed year for how U.S-based banks and third-party app providers share data with each other. Since the start of this year, two U.S. banks (JPMorgan Chase and Wells Fargo) have made significant announcements about their agreements to share data with Intuit securely through APIs.

The perils of screen scraping

This is a marked change in the stance by top U.S. banks from their earlier position of reluctance towards allowing third-party personal finance management apps to access their customer banking data. Since there was no formal agreement of data sharing between banks and third-party apps, the latter--like Intuit and Yodlee--had to adopt the older insecure approach called screen scraping. The user has to provide her/ his banking username and password to these apps. These apps will then automatically log in using those user credentials, screen scrape the bank data, and use it for reporting in its apps.

This is problematic on multiple levels, the most important being that the user has to share user credentials with third-party apps. From the bank’s perspective, there is a heavy load on their servers, and this is affecting their banking website performance and operations.

FinTech on the rise

However, the explosion of smartphones and mobile apps and the evolution of FinTech companies have created an environment where third-party apps have become indispensable--a situation that the banks dislike, and their banking apps will never be able to replace them in terms of their effectiveness. In fact, banking regulators in Europe realized this a while back and instructed their banks to share data through APIs.

The agreement between JPMorgan Chase and Intuit says that they will introduce Open Authentication and will exchange data through the Open Financial Exchange (OFX) 2.2 API. JPMorgan Chase customers won’t have to provide their banking usernames and passwords since the technology will use an APIs token-based approach to authorizing Intuit apps to download the requested account information. Similar to the way apps in the social media world operate using OAuth, you can expect third-party apps to ask permission to access sensitive banking data. This is a huge improvement—you end up only sharing particular information in your bank accounts instead of the entire data being screen-scraped.

Bank data goes live

Good news for all the tech and citizen developers out there in the FinTech industry is that these big banks are not going to limit their partnerships only to Intuit. Banks are going to add more and more partners to access their customer's banking data. Therefore, there is an opportunity waiting to make it big and innovative with live bank data. What are you waiting for?