Close
ThinkAdvisor

Retirement Planning > Social Security

When Banks Cut Off Data From FinServ Sites, Who Wins?

X
Your article was successfully shared with the contacts you provided.

Several banks have recently cut off the flow of their information temporarily to some websites and mobile applications that aggregate consumer financial data, according to The Wall Street Journal.

While banks have every right to cut their data off from aggregators, could doing so negatively affect investors and advisors?

Data aggregators – like Mint, Quicken and CircleBlack – give consumers the ability to easily and accurately view all of their financial information in one place to help them make more informed financial decisions.

“I think there is a balance of clients’ rights of information and clients’ desire to have their information secure,” John Michel, CEO of CircleBlack, told ThinkAdvisor. “And I think, as an industry, we need to continue to make sure we’re providing the best security possible, but in the end, clients are going to choose applications that provide them with time-saving, ease, convenience, etc.”

The Wall Street Journal reports that Bank of America, as well as JPMorgan Chase and Wells Fargo, recently disrupted the data flow to such sites.

According to a spokesman for Wells Fargo, “there was no deliberate or proactive effort on our part to block or hinder any of the aggregators’ accesses to our systems at any point in recent past.”

It’s possible that customers’ flow of information may have been “inadvertently” and “temporarily” affected during a standard update to Wells Fargo’s security protocols, the spokesperson said.

“There was never any proactive, deliberate attempt to restrict access,” he told ThinkAdvisor. “Some of these security protocols may have inadvertently effected individual customers from getting this data.”

As part of Wells Fargo’s ongoing efforts to make adjustments and improvements, “something may have caused one of the aggregator servers as they were doing the screen scraping,” or data transfer, “it may have caused the scrape to break because it may have seen something it wasn’t familiar with.”

JPMorgan and Bank of America did not respond to requests for comment.

According to the Journal, banks worry that the aggregator sites may threaten consumers’ account security and the performance of bank websites.

Michel, however, doesn’t see “any evidence of that.”

“I do agree that if I am a provider of a service that I need to make sure the consumer data is secure,” Michel said, adding later, “There have been a number of break-ins at different companies through data – as far as I know, none of them have been through any sort of data aggregation service. I think we all as an industry owe it to the end American consumer to both provide the best security possible and the services that those customers want.”

Banks have every right to be worried about customer data, said Luke Wentz, IT security officer at Orion, a firm that creates tech solutions for advisors.

“I think banks should be concerned about the security of assets,” Wentz told ThinkAdvisor. “As soon as you let someone else access your data, that opens up another avenue for hackers and attackers to get at that data.”

While Wells Fargo has “no immediate concerns” regarding the security of data aggregators, the firm does have more broad concerns.

“We have expressed concern to others that customers should have the ability to access third-party servers without exposing their username and password,” which most third-party aggregators require, the Wells Fargo spokesman said.

“We believe that there are more secure, more reliable ways of having financial services companies exchange info … that don’t require usernames and passwords. And we’re supportive of exploring those avenues.”

Brad Burgess, chief technology officer of Orion, agrees with Wentz that banks need to protect their data, he is an advocate for those who are customers of the bank and aggregator.

“Certainly [banks] have the right to protect the data from the assets that they hold,” Burgess told ThinkAdvisor. “It’s their intention that they want to make sure there is no possibility of a breach of the data for the accounts they manage. So that’s understandable entirely, but then again, the customer should have the right to view their data how and when they want.”

Restricting the tools that the investors and advisors can use, Burgess says, is “ultimately more harmful for the investor.”

“It seems to me like the investors deserve to have their data if they want to have their data,” Burgess said.

Neither Orion nor CircleBlack were among the firms whose data flow from the banks was disrupted.

The Wall Street Journal reports that JPMorgan restricted customers of Mint.com and Quicken, two products of Intuit Inc., from seeing information about the customers’ own bank accounts through the Intuit products.

And Bank of America, according to the Journal, took steps in July that led to at least two aggregators being shut out, one of which was shut out for about four hours.

A spokesperson for Mint said the aggregator has remained focused on safeguarding customers’ personal and financial information. 

“Delivering secure and seamless connectivity is a shared priority across Mint and thousands of our financial institution partners,” the spokesperson said in an emailed statement. “We continuously work with them to ensure we deliver a great customer experience. This includes upholding our rigorous data stewardship and privacy policies.”

What can these banks and aggregators do to find peace? Wentz and Burgess had a few suggestions.

“One of the things I think that banks can do is actually pull up their management program, where they go out and reach out to the data aggregators and say, ‘Hey we want to partner with you, we’d like to make our [data] available to you. But in order for you to have access to [our data] or whatever, you’ve got to meet these security standards and make sure they’re up to date before we allow access,’” Wentz said.

This would, according to Wentz, allow banks to have tighter control of what aggregators have access to, as well as make sure aggregators are keeping up to date with security procedures.

“The banks should every right to cut off access until the aggregators [are back up to par] with their security,” Wentz said.

In turn, aggregators should make sure their data security is valid and substantial enough to protect the data they have access to, Burgess said.

“The best thing that the aggregators can do to make sure they can continue to make sure they have access to this data from the banks would be to make sure their own security programs are established, that they’re being followed by their staff, and make sure they are using a valued, current protocol to protect themselves from any kind of a breach or any form of unauthorized access,” he said.