Bank of America Corp. is among a number of financial firms to
temporarily cut off the flow of information to some websites and
mobile applications that aggregate consumer financial data,
according to people familiar with the matter.
The bank's move reflects the rising tension between Wall Street
and technology firms over these services, which are popular with
consumers and a cause of concern for banks. Several banks have
recently posted warnings on their websites discouraging customers
from dealing with these financial aggregators.
The Wall Street Journal previously reported that J.P. Morgan
Chase & Co. and Wells Fargo & Co. disrupted the data flow
to such sites in recent months.
"This is a shot across the bow from banks," said Michael Kitces,
director of planning research at Pinnacle Advisory Group Inc.,
which offers wealth-management services.
Consumers in recent years have flocked to aggregator sites in
particular as a way to monitor numerous financial relationships in
one place. In the past five years, the number of users on
aggregator Mint.com rose more than sixfold to 20 million, according
to the company.
While the banks have an interest in protecting their turf and
not sharing customers with tech-savvy upstarts, they have also
raised concerns that the aggregator sites may threaten consumers'
account security and the performance of bank websites. Banks said
they are within their rights to block or slow customers' access to
their own financial data.
Banks are in part responding to a surge in venture-capital
investment in personal finance startups, many of which aim to lure
customers from banks or at least make it easier for consumers to
shop among banks and startups for the best price or services.
Consumer banking and retail investing startups have raised $673
million globally so far in 2015, the most since the dot-com peak in
2000, according to Dow Jones VentureSource.
Consumers and industry executives have reported a number of
incidents in recent months that disrupted services to various
aggregator sites.
The rivalry came to a head in recent weeks when J.P. Morgan
restricted customers of Mint.com and Quicken, two popular products
of Intuit Inc., from seeing information about the customers' own
bank accounts through the Intuit products, according to the
Mountain View, Calif., financial-information company.
A spokeswoman for Intuit said "security is central to everything
we do. This includes continuously strengthening online account
security and data transmission for all our offerings, including
Mint, to safeguard customers' information."
San Francisco-based Digit.co, an aggregator that tracks
customers' balances and automatically shifts a portion to a savings
account as directed by the customer, said in an Oct. 27, blog post
that it was having "intermittent connection issues" with some users
who bank with J.P. Morgan.
The issues affected Digit's ability to report checking account
balances and to transfer some of the consumer's money into savings.
The outage has since been resolved, Digit said Friday.
"We know that our customers love these apps, so we're working
with the providers to make these interactions more secure," a J.P.
Morgan spokeswoman said in an email. "But in the meantime, we want
our customers to realize that they may be trading account security
for convenience when handing over their password" to third-party
sites.
J.P. Morgan Chairman and CEO James Dimon has publicly complained
about the rise of the aggregator sites and the implications for
data security.
Wells Fargo added an additional level of security to its
accounts last month that a bank spokesman said "may inadvertently
impact the ability of financial aggregators to gather customer
information."
Bank of America's action dates to July, when the firm took steps
that led to at least two aggregators being shut out, according to
people familiar with the matter. One of the aggregators was shut
out for about four hours, the people said.
"Our highest priority is to serve our customers in a secure
manner across the various channels we provide to them directly,"
said a Bank of America spokesman. "We actively manage any
trade-offs needed to ensure this."
The recent snafus have frustrated at least some customers at
aggregators. The recent Digit interruption with J.P. Morgan "threw
my financial life in disarray," said Henry Yeh, a systems engineer
from San Francisco who is a customer of both companies. "I'm
someone who places complete faith in technology to make smarter
decisions than I would."
"Banks might say they own the data, but they're my
transactions," said John Luciano, founder of Aqumulate, an
aggregation service for financial advisers. "Who are they to say I
can't view them over here?"
A banking-industry group said Monday that it is developing
security guidelines that it wants financial aggregators to
follow.
The recommendations, set to be released this month, would aim to
get aggregators to use more of security practices that banks use.
"Clearly, there is convenience here for consumers, but let's make
sure the data is secure," said Bill Nelson, chief executive of the
group, known as FS-ISAC.
"Aqumulate utilizes the same security measures that the big
banks do," said Mr. Luciano.
The view from some banks is that if a customer willingly
provides passwords and login information, whether to a friend or
aggregator, the bank wouldn't be on the hook if that account lost
money through a hack. No aggregator has been the victim of a known
major data breach.
To collect information seamlessly, aggregators often require
that customers turn over bank-account passwords. Banks including
J.P. Morgan, Capital One Financial Corp. and Fifth Third Bancorp
have warned customers that such sharing could be a security
risk.
Aggregators "may be smaller startup companies that do not have
sophisticated security and fraud teams," noted Fifth Third on its
website. Capital One, which is one of the largest credit-card
issuers in the U.S., told customers in a notice on its website: "If
you choose to share account access information with a third-party,
Capital One is not liable for any resulting damages or losses."
A Capital One spokeswoman said, "We have that language in place
for security reasons. We may need to block access to a specific
aggregator if they experience a data security issue in order to
protect our customers and their information."
Fifth Third declined to comment.
Robin Sidel
Subscribe to WSJ: http://online.wsj.com?mod=djnwires
(END) Dow Jones Newswires
November 09, 2015 20:45 ET (01:45 GMT)
Copyright (c) 2015 Dow Jones & Company, Inc.
Capital One Financial (NYSE:COF)
Historical Stock Chart
From Mar 2024 to Apr 2024
Capital One Financial (NYSE:COF)
Historical Stock Chart
From Apr 2023 to Apr 2024