Jamie Dimon, JP Morgan Chase’s Chief Executive, made some interesting remarks recently on data aggregation:
"They take more of your data than they need to;
Many of them sell the data to outsiders in a way that benefits them but not you;
They often take your data every day, for years, even if your account is inactive;
If your money disappears because of fraud, it’s on you, not the bank."
Is Dimon targeting a whole service industry or just specific service providers?
His words of wisdom are warning to the shareholders and JP Morgan Chase’s clients; be aware, your data is not as secure as you are made to believe. Some can even argue that he’s trying to improve JP Morgan’s offering, but sadly, his words hold some truth; personal data is indeed being sold to third-parties. A few years back, his warnings would have held full truth and wisdom. Now however, we can demonstrate that not all account aggregation offers are the same, not all providers extract data, and definitely not all apps run in the background without your knowledge!
Let us examine each accusation and turn it into a myth! Firstly, there are several different account aggregation models available on the market; server-side and client-side. We, at eWise, offer a client-side model based on our patented technology. In both cases the aggregation software uses the customer’s user Ids and passwords to securely access their online banking and other accounts; automatically logging into the website of their service providers. Once logged in, the aggregation software identifies certain financial information, extracts the data and presents it to the user in a consolidated display. Now, here where it becomes interesting, in the client-side model the data, including id and password, is saved on the user’s Personal Data Vault on their chosen device, therefore, some of Dimon’s accusations do not necessarily apply to this model.
Myth one: Account aggregators, or Fintech start-ups, take more of your data than they need to.With client-side, users connect their accounts of choice and personalise what data to share with their service providers via permission settings. If users don't want to share any data with the service provider, then nothing is shared. That's it. With this technology, the power and control is in the users’ hands.
Myth two: Many of them sell the data to outsiders in a way that benefits them but not you.This is fact and cannot be denied; the industry is making millions on data and growing. Greater customer insight leads to increasing profit and lower churn. The question here; is why is the industry the only one benefiting from customers' data? With client-side aggregation, as mentioned above, the user is in control and they can decide to share their personal information with their service provider. Information exchange can help both parties, the users can benefit from getting more back and having tailored services based on their needs and financial situation. The sharing is transparent and explicit.
Myth three: They often take your data every day, for years, even if your account is inactive.Personal Data Vault does not pull data but pushes data when the user opens the app and uses the service, unlocking eWise Personal Data Vault (PDV). It means that if users are inactive or delete the PDV from their device, they are not accessing the service anymore, thus the PDV can't be open and can't work anymore. eWise patented technology is a customer always present solution, in order to access the data, the user needs to activate the PDV.
Myth four:If your money disappears because of fraud, it’s on you, not the bank. The credentials are saved on the Personal Data Vault and never shared with a third party, therefore, not breaching the banks terms and conditions. The service provider does not become a custodian of user's personal data such as login and password. So, if no breach of the T&Cs is done, why should liability change hands?
Wait, is he saying that banks refuse to use account aggregation services? Actually, more and more banks are using these services for a wide range of their clients from high-net-worth to mass-market. Banks and other financial institutions recognise the advantage for them and their customers to have software that connects all bank accounts, investment portfolios and other relevant accounts. We can even see the shift toward account aggregation with the revised Payment Services Directive 2 (PSD2), Banks in Europe have to adapt their systems and security to follow the new regulation and open their Application Program Interface (APIs) to access users' accounts.
Account Aggregation was created to simplify the users’ relationship with their money and their banks. This sector is evolving, with new privacy and security regulations giving the consumers more confidence, the tools will surely change the bank-client relationship, for the better.