We are still in the early days of digital finance — but the heated tone of conversations surrounding approaches to data access threatens to keep us there.
The rapid growth in financial tools and services has enriched the lives of many people. This growth is powered by a set of underlying technologies that facilitate access to and exchange of personal financial data. It is this data — and the principle that people should control their own financial data — that forms the backbone of financial innovation. As an industry, we are jointly confronting questions about how to provide data access securely, efficiently and inclusively.
However, one needs to look no further than these very pages to see that the debate around these topics has intensified. As the industry begins to embrace the notion that consumers should control and have access to their data, the focus has shifted to how — not if — financial institutions should permit this access. Unfortunately, discussions on how best to address these questions are often mired in fear, uncertainty and doubt — mischaracterizing the technologies used for data access and data transfer without regard for how they actually work. Granted, the sheer number of terms and concepts — including Open Financial Exchange (OFX), Durable Data API (DDA), screen scraping, and OAuth — doesn't help.
The narratives surrounding technical details, competition and bank-controlled consumer data distracts from the objectives that all stakeholders share. These objectives are about building an inclusive and secure ecosystem that balances the needs of consumers, financial institutions and innovators. We all recognize that certain concepts are key to the success of this ecosystem. Financial institutions need flexibility in and visibility into how data is accessed. Different approaches work better for different institutions; each institution has its own set of preferences, priorities and technological systems. Allowing for this flexibility empowers financial institutions to enable access to personal financial data in a way that minimizes technical impact, cost and risk.
Yet accommodating these preferences is tricky for developers and other innovators in the space. They need standardized ways to access information — and assurance that these methods will deliver consistent data — if they hope to build products that serve all consumers, regardless of whether they bank at a top-five institution or a community credit union. And in this spirit, community banks and credit unions, which do not often have the technical budgets, legal resources, or staff that the big banks have, rely on these concepts to ensure their users have the same type of access that consumers of larger banks enjoy.
Managing flexibility and interoperability is a balancing act and a role that we as trusted intermediaries have performed. But striking a balance, rather than limiting options with prescriptive mandates, is essential. It's important to protect innovation and ensure that consumers have the ability to access the best solution. And the United States, with its thousands of financial institutions, is not likely to find a one-specification-fits-all solution; it certainly hasn't yet. A single standard for data access across all banks would be impractical, and threaten to exclude thousands of institutions and their customers from participating in this promising financial services landscape.
One example of that threat lies in negative portrayals of screen scraping, which often overlooks — or misunderstands — the technology at play.
Granted, screen scraping is not perfect, and critics raise valid concerns about load-heavy legacy methodologies. But a more modern version, called Screenless Data Collection (SDC), addresses many of its shortcomings. SDC is widely available, leverages existing technology infrastructure and imposes minimal server load.The claims that screen scraping compromises consumer security are particularly troubling. Screen scraping is strictly a means of data transfer; it implies nothing about permissioning or security. Institutions can add various permissioning layers to screen scraping (screen scraping can be combined with tokenization, for example), and data can be encrypted in transit across public networks. Screen scraping and consumer security are not mutually exclusive.
Right now, we have a unique opportunity to influence and improve the design of data access solutions to promote the flexibility and interoperability that stakeholders need, but it requires partnership. There are many approaches to data access in the United States today, reflective of the rich mix of institutions and interests that support financial services in this country. But if we are to build a sustainable ecosystem, the debates around how best to enable access should be informed ones.
We can balance these priorities and build a truly inclusive, secure financial services ecosystem with a clear-eyed view of the best technologies available both now and in the future. The stakes are too high — and the potential is too great — not to.
This article was written by Zach Perret from American Banker and was legally licensed through the NewsCred publisher network.
BNY Mellon is the corporate brand of The Bank of New York Mellon Corporation and may be used as a generic term to reference the corporation as a whole and/or its various subsidiaries generally. This material does not constitute a recommendation by BNY Mellon of any kind. The information herein is not intended to provide tax, legal, investment, accounting, financial or other professional advice on any matter, and should not be used or relied upon as such. The views expressed within this material are those of the contributors and not necessarily those of BNY Mellon. BNY Mellon has not independently verified the information contained in this material and makes no representation as to the accuracy, completeness, timeliness, merchantability or fitness for a specific purpose of the information provided in this material. BNY Mellon assumes no direct or consequential liability for any errors in or reliance upon this material.