Should FinTech Startups Have Access to Banking Data?

Financial technology platform Plaid raised $44 million in the Series B funding round led by Goldman Sachs Investment Partners.

‍

Here’s Plaid’s description taken from its official blog: “Plaid is the technology fabric that connects consumers, their bank accounts, and third-party applications. Our suite of APIs enables developers to build applications that interface with users’ bank accounts—whether to collect and use account data, set up payments, verify identities, or much more.”

‍

While it is undoubtedly a great start to the week and the next big cycle of growth and development for Plaid, the news has triggered a certain spillover concerning the problem related to all third-party companies ‘sneaking’ into bank infrastructure to access the banking data of the customers.

‍

As Zach and William, Co-founders of Plaid, emphasized, “The bank account is the hub upon which everything in banking relies. Every deposit we receive, investment we make, bill we pay, and budget we make starts and ends with the funds or data in our accounts.” So it’s particularly interesting that Goldman Sachs led a funding round for the company that wants to create sort of another hole in the closed infrastructure of banks to retract data about bank accounts.

‍

The situation and the discussion may have changed since last year when Goldman Sachs’ opposition had a different strategy of dealing with third-party data access for personal finance management purposes.

‍

In particular, at the end of last year, Bank of America was reported to be among several financial institutions to temporarily cut off the flow of information to some websites and mobile applications that aggregate consumer financial data, as reported by the WSJ.

‍

Due to concerns over security & privacy and overwhelming traffic to banks’ websites, some major players are seeking to restrict services popular among consumers by providing extraordinary convenience at a price—the integrity of the banking system.

‍

Wells Fargo joined the league of opposition to aggregators when the bank “added an additional level of security to its accounts” last year that prevented aggregators from being able to automatically retrieve customer data, as WSJ reported.

‍

Last year, when JPMorgan temporarily restricted Mint from accessing banking account data, the banks’ spokesperson commented, “Handing over your password to your bank account just isn’t a good idea. We’re working with the industry to make a secure and private way for our customers to access these services.”

‍

Caution, however, can also be explained by tough competition. FinTech startups logically want data to be freely available to customers (and startups, of course), while banks tend to be protecting precious information they own. Banks have stated that they only want to make sure customer data is secure and that their servers aren’t overwhelmed. FinTech startups are leveraging the importance of customer experience and the value provided to them.

‍

But any outstanding customer experience with platforms easing personal funds management or any APIs providing access to banking data comes with its price.

‍

The Lucerne University of Applied Sciences and Arts brought an interesting analogy explaining the risks customers undertake by providing access to their banking data to wonderfully convenient financial technology platforms: “If you as a client pass on your personal access data in this manner, this is similar to you booking your holidays at a travel agency and then simply logging on the travel agent into your e-banking account and then leaving the shop—blindly trusting that the travel agent will now actually only debit the amount owed by you from your account, and will then log out again straight away. Any nosy employee might as well just have a look at how much salary you are paid, and if they have malicious intentions, they could even try to finance their own holidays from your account.”

‍

In addition to the risk of impersonation, the university also mentions a possible loss of control over banking data. When large amounts of data access in one jurisdiction are processed in a different country with different regulatory and security environments, customers are risking having little to no control over what is happening with their personal information collected by those platforms.

‍

There is no doubt that FinTech startups and banks are giving the highest priority to customer protection. And the matter of data access is the same discussion that goes around Open Banking APIs. But, putting aside the security, it probably boils down to strong competition and the power small players would gain given the opportunity to access rich banking data. In that scenario, banks would not have the leverage they have now and will be pushed out of their comfort zone to look for different ways of holding dominance in the industry.

‍