The Future of Payments

A Matter of Trust 56 BANKING PERSPECTIVES QUARTER 4 2018 efficiency, and convenience of consumer financial data sharing. These priorities build upon the BCFP’s October 2017 consumer protection principles. 3 Its goal is to outline secure methods for accessing sensitive financial information; to enhance the security of third-party data collection, access, and use; and to develop a consensus within the FinTech and financial services industries on best practices for data aggregation and sharing. In our work, TCH and our industry partners follow three guiding principles: • Act in the best interest of consumers to help them better manage their finances while protecting their data privacy and security. • Protect and enhance the stability and safety of the financial services industry to reduce overall risks and create resilience. • Foster efficiency by helping all parties interact and share data in faster, less burdensome and less costly ways, and provide consumers better access to their data. TCH’S PRIORITIES FOR IMPROVED CONSUMER FINANCIAL DATA SHARING With the guiding principles in mind, TCH and other stakeholders are working on a number of priorities that will contribute to a more secure, efficient, and convenient financial services ecosystem (Figure 3). SUPPORT FOR APPLICATION PROGRAMMING INTERFACES (API S ) One of the key vulnerabilities in the current system is that many FinTech apps require access to consumers’ bank account login credentials to perform their services. After a third party has obtained a consumer’s credentials, it can theoretically access any information on the consumer’s bank account(s), perform any activity the consumer could, and share or sell the consumer’s bank account information. There is also the risk of login credentials being compromised if a FinTech app experiences a data breach. Fortunately, there is a secure and flexible alternative mechanism for third parties to access consumer data. “Application programming interfaces allow consumers to share information with FinTech apps and other third parties without giving away their bank account login credentials,” says Lila Fakhraie, co-chair of the Financial Data Exchange (FDX) and manager of the Digital Banking API team at Wells Fargo. “APIs enable consumers to enjoy the advantages of FinTech apps while providing them with greater control over the sharing of their data and maintaining the security of their account relationship.” TCH and our member banks strongly support broader adoption of APIs within the financial services ecosystem. API TECHNICAL AND SECURITY STANDARDS Just as the financial services sector has yet to reach consensus on a preferred method for consumer data sharing, there are also no universally accepted standards to which SUPPORT FOR APIs API TECHNICAL AND SECURITY STANDARDS TRUSTED THIRD PARTIES MODEL AGREEMENT CONSUMER PERMISSIONS AND CONTROL MECHANISMS APIs allow consumers to share information with FinTech apps without giving away their bank account login credentials. APIs offer better security and greater control over personal data. Shared data aggregation and security standards would enhance safety, facilitate data sharing between banks and third parties, and get new nancial services products to market faster. Currently, security protocols dictate that nancial institutions often investigate data requests from FinTech apps with the same scrutiny as requests from other, less trustworthy third parties. A registration and assessment process would enable FinTech apps to become trusted third-party requestors of consumer nancial data more easily and effectively. Entirely voluntary, the use of a standardized model agreement developed by TCH would save time and resources for both banks and FinTechs, making deployment faster and cheaper. TCH and its member banks drafted guidelines in six areas for mechanisms that allow consumers to authorize and control the aggregation and sharing of their information. FIGURE 3: INDUSTRY PRIORITIES Source: The Clearing House