Security of customers’ data and financial accounts must always be the first consideration when considering how customers may provide third-party access to their account information, American Bankers Association VP Rob Morgan said in an American Banker op-ed today. The op-ed came in the context of an ongoing debate over “screen scraping,” a process in which consumers provide their online banking credentials to a third-party app or tool — which can introduce significant fraud, security and compliance risks.
“Banks fully support data access and are working to ensure their customers can share their financial data safely, including by building secure portals for data transmission,” Morgan wrote. “This is not as easy as flipping a switch, as some have suggested. First, there is a lot of coordination that needs to happen and banks and fintech companies must address the important issues of security, transparency and control.”
Morgan cautioned that when customers give their online banking login credentials to third parties, they can introduce significant risks. Third-party financial aggregators often limit their own liability for loss, putting that risk on the consumer. “Today, when a consumer forfeits their login credentials, data aggregators typically have access to their full account data for an unlimited time period,” Morgan explained. “Instead, consumers should have intuitive control that allows them to easily view who is authorized to receive their data, modify what access they have and revoke that access when a service is no longer used.”