Consumer-permissioned data — as a concept — is nothing new in financial services.
Look back across the past few decades, Jamie DelMedico, vice president and head of product for Fiserv’s BillPay, Aggregation and Verification Services, told PYMNTS in a recent interview:
“When aggregators started coming into the market, there was always some level of consumer permission to access their data. The consumer had to enter their credentials into a widget, and then the aggregator would use those credentials to go into a financial institution and ‘grab’ data from that FI to use for various purposes.”
In at least some cases, the data might be used only for the express purpose with which the consumer had engaged with the aggregator to begin with, DelMedico said. In other cases, the aggregator may have had access to more data than was needed — and used that info for other purposes, such as marketing.
Fast forward to the present day, and the emergence of the open standard known as OAuth has the potential to change the way information is shared, shifting from an environment where a significant amount of data is collected and shared through screen scraping.
As DelMedico said, “There’s a lot more consumer control, FI control, and even government control, over the use of that data.”
The consumer still has to authenticate with the FI the way they had with the aggregator. But in this case the individual is authenticating directly with the FI — rather than sharing credentials with a third party or FinTech or aggregator. Tokens are issued to secure the data, the tokens are shared with the third parties … and no one can “pull” data the consumer had not permissioned in the first place.
“The consumer has the ability to revoke that token when they see fit,” said DelMedico, adding, “The FI has the ability to somewhat control or ‘throttle’ the data that they’re providing back to that aggregator or that third party FinTech based on the use case that consumer has provided their permission to access.”
Thursday, Fiserv said it would collaborate with Akoya, the API-only network for consumer-permissioned financial information sharing, to enable streamlined and secure data flow between FIs, third parties and customers.
At a high level, DelMedico said, the pact broadens, securitizes and standardizes access to data as consumers opt to share their details with apps.
“It’s a two-way data sharing relationship between Akoya and Fiserv,” said DelMedico, who added that Fiserv enables data connectivity though APIs for hosted financial institutions — and those financial institutions will now be “live” within Akoya’s network.
In terms of the mechanics, Fiserv will have direct API access to consumer data from Akoya’s FI network. Akoya will leverage Fiserv’s AllData Connect to access consumer data from more than 2,800 financial institutions. The direct, tokenized data sharing relationship (via API), DelMedico said, enables consumers to share specific details without having to share log-in and other data with third parties.
“In terms of onboarding or connecting an account,” DelMedico said, “OAuth is a much simpler mechanism to use.” He offered up the example where a user pulling up their Chase banking app would authenticate themselves with a token or even biometrics, and then pick and choose among the accounts they want to connect for various reasons to various FinTechs or aggregators — without passwords or usernames.
“This mean more reliable access,” he said of Fiserv and Akoya’s joint efforts, “to data through those APIs — and it means that standardized data is coming through those APIs. … We’re covering a large part of the market with this OAuth experience.”
The end result, he added, is that the consumer has more say over who accesses their data — and for what purposes.
Against that backdrop, DelMedico said, the stage is set for a wider embrace of pay-by-bank options — which have caught on in Europe (where open banking is more firmly entrenched) but have been slower to gain ground in the States.
“This gives more options to consumers in terms of how they pay at a merchant,” DelMedico said, “whether it’s brick and mortar or eCommerce,” and also offers the merchant a chance to offer rewards tied to those faster payments. DelMedico also said that pay by bank and more secure information sharing might broaden financial inclusion for those who opt not to pay with cards, but feel comfortable connecting their bank accounts to transact.
Looking ahead, he said, “Our goal is to grow in the OAuth market to provide more coverage of DDA [demand deposit] accounts.” The use cases that may see increased adoption include, as another example, helping gig economy workers manage their finances and access their wages as they’re earned.
The work with Akoya, he said, anticipates and seeks to “get ahead” of the eventual revised guidance on Dodd-Frank Section 1033, which governs consumer access to financial data and open banking in general.
The Thursday announcement of the collaboration between Fiserv and Akoya, he told PYMNTS, “is about making sure those connections, in the long run, are more secure, that the consumer has control over their own data, and that we’re operating within the regulations.”
And, he added, “There’s a lot of ‘new’ control added in the world of OAuth that did not exist before.”