Frequently Asked Questions

Privacy and security

What is a Personal Data Vault?

The Personal Data Vault (PDV) provides consumers, businesses and investors with a secure and private place to aggregate, store, manage and share their financial information. The PDV is a downloadable component of the eWise solution and resides on the end-users chosen device. The PDV can be used to aggregate financial information such as account balances and transactions but also information from retail affinity, airline reward programs and utility companies.

Do end-users ever disclose their online User-Ids or Passwords?

NO. The eWise solution is designed specifically never to ask or require the end-user to disclose their online credentials to a third-party. This is a core principle of our Patented “Client-Side” aggregation technology.

Why is the eWise solution so different?

Unlike “Server-Side” Account Aggregation, the eWise solution aggregates data directly from the end-users chosen device. The end-user is never required to disclose their online credentials and all data is encrypted on their device.

Can I get “Client-Side” Aggregation from another provider?

NO. Our patents mean that our solution is truly unique.

Is your solution Patented?

Yes. The eWise “Client-Side” aggregation technology has been issued patents in the United States, Australia, Asia and the European Union.

Is your solution Legal & Compliant?

YES. The eWise solution is designed to ensure that end-users never disclose their online credentials to a third-party and therefore, never break the terms & conditions of their respective online service providers. The eWise solution has been verified and assessed by many of the world’s leading banks and compliance departments.

Has the eWise solution ever experienced a security breach?

NO. eWise was founded in 2000 and since then, the eWise solution has been implemented for a number of the world’s largest financial institutions and has never experienced a security breach or compromised sensitive financial information of an end-user.

What is unique to eWise?

Our approach is unique due to our client-side account aggregation approach. No sensitive login credentials are ever shared with a third-party server. All sensitive data is encrypted and securely stored in the Personal Data Vault (PDV) that is installed onto the device of the customer (desktop/laptop/mobile/tablet) the first time the end-customer logs in.

Your customers are concerned about sharing their bank details.

Our technology does not store your customer’s online banking credentials (username and password) - these are encrypted and stored on their own device. These details never leave the safety of their own device and even we do not have access to this information. We use 256-bit SSL encryption environment and have also verified our environment by external parties for our security arrangements.

How is your customer’s information protected?

To ensure all customer data is safe, we adhere to the most rigorous industry standards for transmitting sensitive financial information. We protect all data using advanced 256-bit encryption, same as used by banks. We do not store any of the customer's login details on our server.

As account aggregation provider, does eWise take more of the user's data than they need to?

With client-side aggregation, users connect their accounts of choice and personalise what data to share with their service providers via permission settings. If users don't want to share any data with the service provider, then nothing is shared. With this technology, the power and control is in the users’ hands.

Does eWise take data every day, for years, even if the user's account is inactive?

The eWise Personal Data Vault does not pull data but pushes data when the user opens the app and uses the service, unlocking eWise Personal Data Vault (PDV). It means that if users are inactive or delete the PDV from their device, they are not accessing the service anymore, thus the PDV can't be open and can't work anymore. eWise patented technology is a customer always present solution, in order to access the data, the user needs to activate the PDV.

Is the user breaking the bank's Terms & Conditions using eWise Account Aggregation?

The bank's Terms & Conditions forbid customers to share their account's login and password with third-parties, ie with account aggregators. using eWise technology, the credentials are saved on the Personal Data Vault and never shared with a third party, therefore, not breaching the banks Terms & Conditions. The service provider or eWise do not become a custodian of user's personal data such as login and password.

Does Account Aggregation weaken the bank's security mechanisms?

eWise Account Aggregation technology does not weaken security mechanisms – we fully support all security mechanisms deployed by banks.

  • Full support for multi-factor authentication
  • No disclosure to any third party
  • Full automated verification of the bank’s URL and certificate to eliminate spoofed sites/redirects

Could the user's personal data be compromised if the device where the PDV is stored is lost?

The personal information stored and encrypted within the Personal Data Vault (PDV) cannot be accessed by hackers as the PDV has to be unlocked with a separate encryption key saved on the service provider's server. The information (keys) used to retrieve the consumer data are not where the access credentials are stored. The keys to decrypt the data are stored on the server managed by the service provider. A stolen device with a Personal Data Vault is useless – no brute forcing is possible. The user can also declare its device as lost / stolen and the PDV will be blocked.

How could the Personal Data Vault be opened and display personal information?

Here is how encryption keys flow works:

  • The cryptographic keys used for the Personal Data Vault encryption are stored on the service provider's server, mapped to the client device and only provided after the successful consumer authentication.
  • The institution access credentials (user id, password, challenge questions) are never stored on the server.
  • The requests for the keys are only accepted from authenticated sources.

Copyright/Database protection

There is no copyright infringement as the technology allows the user to access their own accounts and view and extract their own account data. No third party is involved in the process of unauthorised copying of the institution’s data.

Is eWise technology compliant with the Computer Misuse act 1990 in the United Kingdom?

The eWise Application Suite fully complies with the provisions of the Act. There is never any unauthorised access by a third party to an institution’s website. The user of the aggregation applications simply uses the technology provided by eWise to access their own accounts, from their own device using encrypted and securely stored logins and passwords.

Products

Does it require a software or app to be installed?

Our Money Manager white-label app is designed to be installed simultaneously with the bank’s app with no additional installation for the FastBalance mobile app on iOS and Android. For web/desktop installations, a relatively small PDV component needs to be installed. The Aegis platform and micro-services can be accessible through our APIs.

What are eWise's products?

eWise products suite includes:

  • The White-label money management apps: Money Manager and FastBalance beautifully designed apps offer best-in-class user experience on desktop, tablet and mobile. Users get a global view of all of their financial accounts in one dashboard and access powerful Personal Financial Management features.
  • Aegis: the data aggregation platform. The Aegis platform enables your customers to privately and securely aggregate, store, manage and share their financial information. Leverage eWise's data aggregation platform to easily connect users' bank accounts, credit cards, investments, pension funds, utilities, loans and more.
  • Our API micro-services. Developers can use eWise API services to efficiently build financial apps, leveraging eWise expertise in transaction categorisation, cashflow forecasting and alerting. APIs can be integrated seamlessly within your apps or connect to the Aegis platform to access bank data.

How many banks does eWise support?

We retrieve balance and transactions from hundreds financial institutions in Australia, Singapore, Thailand, Switzerland and United Kingdom. eWise Aegis connects to current accounts, investment accounts, business accounts, insurance contracts, superfunds and retirement accounts. We also provide access to an extensive list of utility providers, frequent flyer and loyalty programs in Australia, Singapore and United Kingdom. For more information regarding our institutional coverage please reach out to us.

Which type of account does eWise support? Which data is retrieved?

eWise supports:

  • Consumer bank accounts / balance and transactions
  • Business bank accounts / balance and transactions
  • Investment accounts / balance, holdings and transactions
  • Insurance contracts / contract details and bills
  • Superfunds / balance, holdings and transactions
  • Utility accounts / balance and bills
  • Loyalty programs / loyalty points balance and status
  • Frequent flyer programs / loyalty points balance and status

Does eWise proceed domestic transfers?

eWise instantly authenticate accounts for Faster Payment Services transfers in the United Kingdom. Faster Payments is the only UK payment system available day and night, 365 days per year, supporting the demands of personal and business customers, ensuring that they are the best choice for moving money at any time, simply, quickly and reliably.

Learn more about financial institutions participating in Faster Payment.

Can you support tokens/multi-factor authentication?

Yes, we do. eWise Account Aggregation technology is a customer-always present solution. Hence OTP/token input requirement is never an issue for us as the user can directely enter the One Time Password requested.

Which browsers are supported?

We support the following Web browsers running in Windows or Mac OS X:

  • Google Chrome: v35 or higher
  • Mozilla Firefox: v25 or higher
  • Apple Safari: v5.1 and higher
  • Microsoft Internet Explorer: 10 and higher
  • MS Edge
  • Note: using non-supported browser versions may work but would result in performance not in line with acceptable standards.

Implementation and deployment

Is it possible to test eWise solutions?

Request a Demo and our team will contact you to learn more about your project. We will set up a test environment for you in order to allow your developers to test the service.

How much does eWise technology cost?

We will be happy to learn more about your project and tailor a pricing plan for you. Our pricing is adapted to your business model and the number of active users. Reach out to us through our contact page to receive pricing details for all products.

How do you take care of changing e-banking websites?

We have a support team that monitors the existing library of bank connectors for regular updates (at 2-3am local times) on a daily basis. Our technology is sophisticated enough to handle minor cosmetic changes on its own. However for major structural changes in the portal, our bank connectors development team will make those changes within a short time-frame to ensure accuracy of data aggregated. Pre-stage and post-implementation notices are provided to all end customers accordingly.

How can eWise support team be contacted?

  • eWise Support Board: https://support.ewise.com
  • Email: support@ewise.com

Accelerating financial services innovation

Explore the power of eWise products for
Sign up to updates
Request Demo