A battle, it seems, is brewing between some major banks (JPMC and Wells Fargo, so far) and a string of popular websites designed to help people better manage their money. Tired of competing and concerned about the security and efficiency of their servers, the banks are getting a bit stingier with their customer data and have reportedly been intentionally “snarling the flow” of data to those sites as a means of limiting how much data they pass on.
Banks’ complaints about aggregator sites are not new. Because of the in-depth customer information they require from users, they’ve long been identified as a security risk. However, complaints have turned into actions in the last few weeks, as both Chase and Wells have restricted Mint (an online aggregator) customers from accessing their bank account information for at least several days, according to those effected.
Mint, like many other similar sites, advertises as a sort of one-stop shop for the entirety of a consumer’s financial data. After registration (which usually requires coughing up passwords and other logins for their various financial accounts), the site then collects all that data, aggregates it and makes financial planning suggestions. And while these sites are not new, the mainstream banks complain they are reproducing exponentially and ever-widening the slate of services on offer.
Some of these offerings compete directly with bank services. In response, banks offer a simple argument: Putting so much consumer data in one place is like hanging a giant neon sign for cybercriminals that says, “Hack Me.”
However, it is notable that no aggregator has been hacked.
But the risk is there, note the banks, as is uncertainty about the results of a hack if one were to occur. Would consumers’ finances still be protected by a bank if they voluntarily handed their confidential data over to an aggregator that got hacked?
And the story gets more complicated because while, in some cases, banks and aggregators compete, they also collaborate to provide financial services for banks’ customers.
The recent flare-up came about when JPMC throttled Mint’s access to its site because it claimed its systems were being flooded by Mint requests during an otherwise high-traffic time. The throttle, the bank maintains, was a technical issue, not “a shot across the bow” to prove it could.
As for the bigger issue, some banks have started warning customers about the security risks inherent in working with third-party firms.
However, the campaign does line up temporarily with banks’ recent efforts to maintain their customer connections in an era of well-funded startups offering financial services without some of the restrictions banks face. Banks restricting data is at least one way to edge that competition, though not a popular way.
“We should live in a world where consumers should have access to their full transaction histories and shouldn’t need permission from the president of a bank to make that available” to other service providers, says Thomas Brown, a partner at law firm Paul Hastings LLP who represents companies that utilize financial data.
People familiar with the matter told The Wall Street Journal that throttling is likely to continue, if for no other reason than to prevent aggregators from overwhelming banking sites.
Banks are also taking their case to the regulators. In what has got to be one of the few voluntary meetings he’s ever had with a big bank’s CEO, CFPB Director Richard Cordray and JPMC CEO James Dimon recently took a meeting on the matter.
Representatives of JPMorgan and the CFPB declined to comment on the meeting.
To check out what else is HOT in the world of payments, click here.