Secure and Transparent Data Portability with Open Finance

Secure and Transparent Data Portability with Open Finance

Over the last two years, the world has seen a massive wave of digitalization. Data sharing and data privacy have taken on greater importance, and data portability has become paramount to managing personal finances. While various data aggregators have been accessing consumer data for some time now, common data-aggregation practices like sharing of account credentials can expose consumers to risk, and fintechs and aggregators sometimes collect and retain access to more data than they need. The need to share data will only increase, so it is essential that secure and transparent methods are developed and implemented.

To learn more about these data trends and how data sharing is enabling the digital economy, PaymentsJournal sat down with Jamie DelMedico, VP of Aggregation and Information Services at Fiserv, and Tim Sloane, VP of Payments Innovation at Mercator Advisory Group.

The state of consumer data

Data sharing with third-party applications is expanding at a rapid rate. Various new fintechs are offering niche products and experiences to consumers, in large part because banks cannot provide every possible financial service to all of their clients. Accessing fintech products and services typically involves sharing credentials, but most consumers do not realize that fintechs can maintain access to credentials for extended periods of time.

“When [customers] first get the ability to connect a third party to their data, they accept it,” Sloane pointed out. “They have no clue that that is going to continue on, and that they are going to have constant access to that information.”

Having a mechanism to communicate to customers about their financial data – what data is being shared, when, and with whom – is a sensible form of transparency. Regulations around data sharing are hotly discussed and likely forthcoming, and many companies are already preparing for compliance by using pop-ups to alert customers that they are using a third-party data aggregator.

“Fiserv is heavily focused on providing secure consumer-permissioned access to data via tokens to eliminate some of that guesswork for the consumer experience,” DelMedico clarified.

How the payments industry is making data more secure

Many large financial institutions are beginning to make the pivot to open authorization, or OAuth. This allows FIs to deny third-party fintechs and aggregators from continuously accessing consumer data and ensures that credentials are never shared with any third-party fintechs without direct consumer authentication. OAuth experiences are enabling the consumer to have more control about what data that fintech or aggregator can collect,” summarized DelMedico.

Smaller FIs are also beginning to offer OAuth capabilities, albeit with slightly slower adoption. Fiserv recently launched its AllData Connect product to expedite the transition to consumer data control. Any FI that maintains its core banking or digital banking platform with Fiserv can enable an OAuth experience. There are currently thousands of such domestic FIs.

“AllData Connect enables a more secure data sharing experience for FIs and their end-consumers,” said DelMedico. “Similar to OAuth, this ensures that consumers do not have to share credentials with third-party applications.”

Prioritizing the details of third-party integration

Despite the potential risk of credential sharing, financial institutions realize they cannot offer everything that third-party fintechs can offer. Customers want to connect their primary FIs to fintechs that offer services for wealth management, investing, budgeting, and more. But oftentimes consumers are prevented from accessing their own personal data by FIs, even though the law requires otherwise.

Dodd-Frank 1033, in particular, stipulates that financial institutions need to provide third-party sources consumer-permissioned access to their own data,” DelMedico explained. Moreover, the sheer volume of credential sharing also opens the door for fraud, making tokenized and consumer-permissioned data all the more important.

Data sharing: risk and reward

With all the complications of exposing personal data to various organizations, it might seem strange that consumers so readily allow the details of their lives to flow between interested parties. “Consumers are willing to consent to data sharing in exchange for what they consider valuable, and anything that would simplify their life,” DelMedico elaborated.

One of the most ubiquitous use cases involves the gig economy. Thousands, even millions of workers juggle multiple or quickly changing jobs, and third-party apps can help with tasks such as cash flow analysis and tax preparation. Hourly workers also find value in fintechs such as DailyPay.

“There are payroll aggregators that collect the data from payroll companies in order to see the hours worked,” noted Sloane, “to predict that, yes, it is good to go ahead and do daily pay for this particular individual.” Ultimately the promise of data sharing all depends on driving the right benefits for end users.

Adding value to consumer experience with open finance

If consumers are willing to consent to their data being shared via open finance, there are a great many benefits, according to DelMedico:

To that end, Fiserv has created a secure open finance system for aggregators like MX and Finicity to connect to Fiserv financial institution clients through AllData Connect. “That is a huge win,” DelMedico concluded. “Not only for our financial institutions, who view that as an opportunity to reduce fraud, create a better customer experience for their consumers, and keep some of that volume off of their IPs hitting online and mobile banking platforms, but also for their consumers.”

Exit mobile version