Why Silicon Valley is watching the screen scraping debate

Register now

WASHINGTON — The debate over screen scraping has long pitted banks against fintech companies, but it has also recently captured the interest of another powerful interest group: Silicon Valley.

That dynamic is set to make it one of the policy debates to watch closely in 2017, as companies like Google and Amazon are slowly starting to weigh in.

"We think it's really important that that access [to bank account data] not be blocked," said Brian Peters, the executive director of Financial Innovation Now, an advocacy group that represents Amazon, Apple, Google, Intuit and PayPal. "It's up to the consumer to decide what technology they want to use and what level of privacy and security they want."

At issue is the process of gathering financial data on users by obtaining their permission and login information to enter their account. Companies like Yodlee and Mint have turned screen scraping into a valuable service for consumers and third-party financial providers hoping to sell them services.

But banks have raised concerns over screen scraping, citing worries about cybersecurity and privacy. Last year several large banks were accused of denying screen scrapers entry into their systems.

"Customers should be able to trust that their financial data is secure whether it's at a bank or not," said Rob Morgan, the vice president of emerging technologies at the American Bankers Association. "Today when they share the login credentials they're sort of opening the barn doors and you can't put the horse back in.

If Silicon Valley enters the debate in force, it might tip the scales in the debate. In a letter to President-elect Donald Trump last month, Peters urged the incoming administration to adopt fintech-friendly policies. Financial data numbered among the group's top priorities.

"FIN recommends that your administration work to empower consumers to securely access their own accounts via whatever application or technology they wish, without charges that favor any one application or technology over another," Peters wrote.

Like fintech companies, large tech firms are depicting their position as a defense of consumer options.

"A consumer should be able to choose to allow whatever technology provider they want to enable them to do a number of things with their finances," Peters said. "If financial institutions or banks have a competitive interest in withholding that, they should think twice about that because it's not in the interest of their customers."

Banks, meanwhile, say they are not trying to block consumers from using the applications they like. Rather, they are trying to protect their data.

"At the end of the day the customer needs to have the ability to share that data," Morgan said. But, he added, "You need rules in place where you can trust that the data is being protected in the same way whether it's at a bank or not."

Regulators also appear ready to weigh in on the side of Silicon Valley and fintech firms. Consumer Financial Protection Bureau Director Richard Cordray issued a stark warning to banks in October.

"Let me state the matter as clearly as I can here: We believe consumers should be able to access this information and give their permission for third-party companies to access this information as well," he said.

The CFPB has even opened the door to issuing new rules by requesting public comment on financial data access questions.

Observers said these early skirmishes are just the beginning of a long, drawn-out war over ownership and control of financial data.

"Right now, technology companies with a few exceptions don't get a lot of specific data about your overall financial life or your financial capability from their dealings with you," said Todd Baker, the managing principal at Broadmoor Consulting. "They would love to have that information. Their whole business model is based on what they know about you."

The gold rush to financial data appears to be already underway.

"Technology companies are trying to integrate financial services into their products," said Pratin Vallabhaneni, an associate at Arnold & Porter.

Indeed, with the rise of the Internet of Things — which describes connected objects like FitBit or Amazon Echo — the line between the Wild West of online data and traditionally more secure financial data is thinning.

It's easy to imagine a multitasking, all-knowing evolution of Siri or Amazon's Alexa armed with millions of data points, including transactional data, credit score history and upcoming mortgage payments.

"You can say, 'Assistant, open my blinds!' It will do that," Vallabhaneni said. "And you can say, 'Assistant, what is my bank balance?' and it will also do that. … As younger people get really comfortable with receiving personal money management, banking and retirement advice not from a human being in an office but through digital means, one can imagine that there's an audience for something like this."

Companies and their lawyers are still working to determine what laws govern financial data once it has left a bank's systems. Though it is likely not to be covered by laws and regulations affecting banks — like the Gramm-Leach-Bliley Act — it could be subject to a patchwork of state consumer protection and privacy laws.

The question is also complicated by the fact that data is being passed along from the bank to the intermediary to the consumer-facing fintech company. It is unclear whether customer disclosures are required at every step.

"A lot of firms are exploring how to do this and there aren't necessarily standard market practices right now," Vallabhaneni said. Such integration "raises questions about who provides customer disclosure, who's the owner of the data and who's just a conduit for the data."

Some observers warn that current laws governing consumer data rights might not be adapted yet for a big migration of financial data.

"A regulatory scheme should be created to ensure that the current system — one mindless click and you give away all your rights to personal data — wouldn't happen anymore," Baker said.

Beyond consumer rights and privacy issues, financial data is also a business asset that banks and tech companies will likely jockey over for many years to come.

In the bleakest of scenarios for financial institutions, large tech firms could use their access to financial data to eat banks' lunch.

"What Google and other large tech companies would like to do would be to turn banks into just a utility, by making sure that they are just those processing the transactions," Baker said. "All the customer interactions and all the true value is in the front end. The big technology companies would like to own the front end."

Today, banks, fintechs and tech companies can find at least one area for common ground. They say screen scraping is not a viable option in the long run.

"There's a lot of agreement between banks data aggregators and customers on where we want to get to," Morgan said. "There are better ways forward than sharing login credentials."

Even companies that perform screen scraping agree that the method is on its way out.

"Open APIs is certainly where we think the world is going," said Steve Boms, a spokesman for the financial data intermediary Yodlee.

Boms added that Yodlee, a company supervised by the Office of the Comptroller of the Currency, obtains 72% of its data through direct feeds rather than screen scraping.

In an ideal world, tech companies themselves would like to have direct access to all bank data through application programming interfaces.

"We think that data scraping is a very backwards, antiquated way of providing access," Peters said. "Data scraping should not be the way this works. It should be done through an [API]."

But banks have been slow to adopt the technology — with some notable exceptions, like BBVA and Citi.

Some contend that allowing third-party companies easy access to bank data through open APIs could place banks at a competitive disadvantage.

"The technology companies want an open API architecture where they can plug their API right into the banks and the transactions will be executed by the banks, on bank systems, at the direction of the APIs," Baker said. "The valuable part of the customer relationship is being taken by the software provider."

At the same time, banks — with their access to the payments infrastructure and to longtime customers — will not likely be an easy industry to topple.

"They start out with an incumbent advantage in that they have deposit account holders who are sticky," Peters said. "That's a benefit that technology companies don't have."

To protect their turf, banks could decide to build fintech applications in-house, Peters added.

"If financial institutions were to adopt a more technologically sophisticated way of providing access, they could do a better job of ensuring that their downstream interests are protected."

For reprint and licensing requests for this article, click here.
Compliance Cyber security