Building the underlying pipes for safe data transfer: How Akoya is using APIs to scrape away screen scraping
- Screen scraping is getting old. Akoya favors an API-first, fully consumer-permissioned approach that takes care of consent, security, and storage all at once.
- Standardization and prioritization continue to be the biggest challenges faced by API-first approaches, but Akoya says it is used to getting the hard work done first.
Screen scraping has been falling out of favor as API-first platforms like Akoya are de-risking data sharing and turning it into a more consent-based process. At our recent DataDay Conference, Jeff Kukesh, the VP of Product at Akoya, spoke to Tearsheet Editor-in-Chief Zack Miller, about the role APIs can play in building an open financial system while scraping away risky practices from the past.
For Kukesh, Open Finance means accessing data that has “historically been locked up in banks”, and building an ecosystem that engenders trust, scalability, and consent. Without these values, the possibility of practices like screen scraping slipping through the cracks becomes a lot higher. The primary issue with this practice is that it relies on consumers sharing their credentials with third party apps, rendering the whole infrastructure vulnerable to bad actors. While the list of possible bad actors was already large with black hat hackers and terror groups abound, the recent political landscape has also added state-sponsored attacks to this unenviable list.
Apart from the risky business of giving away one’s login information, concerns around how far data scraping is going and who the data is being shared with are coming to the fore as well.
On the recipient’s side, the growth of fintechs in the market means that more data access requests are being generated every day. ‘It is easier now to stand up a fintech than it’s ever been”, according to Kukesh, which contributes to the necessity of moving away from screen scraping and towards an environment that allows many tools to work in synergy.
To provide a viable alternative source of data, companies like Akoya have built software environments and negotiating hubs that transparently deal with questions of storage, liability, and what can be shared. Unlike screen scraping, their OAuth (Open Authorization) methodology does not rely on sharing credentials, but is instead built on an open protocol that enables secure authorization. Through a single integration with Akoya, FIs, data aggregators and fintechs can access data that would otherwise be siloed, by establishing multiple secure API connections.
Spun out of Fidelity and owned by major FIs, Akoya began as an effort to solve problems closer to home. “It became clear that the problem we were trying to solve for Fidelity was a larger industry issue,” said Kukesh, prompting them to become what he calls “the underlying pipes”. These API-powered pipes allow data to pass through in a fully consumer-permissioned manner. Saving no data for itself, Akoya’s core value comes not from making use of data, but from safely passing it along. Since the company aims for a one-to-many point of connection, the complexity of their contracts often competes with the complexity of their integrations.
Despite proximity to FIs through its investor structure, Akoya had to jump through all the hoops to get to where it's at. “We have worked through their incredibly complex contracting, and due diligence processes, and we actually integrated with all their APIs,” said Kukesh. This allowed the firm to spend the last year ‘stocking up shelves’ and gearing up for this year’s goals to integrate with more fintechs. Despite the success so far and the rising concerns around screen scraping, there are still some nuts that Akoya must crack on its way to fully open finance.
Standardization and prioritization
“Right now, there's 10,000 different financial institutions out in the US – many of them don't even have APIs, and the ones that do, don't look the same.” According to Kukesh, the lack of standardization among platforms continues to create issues because core data like current balances can mean different things at each bank. Moreover, as more fintechs join the space and bring their own needs to the table, maintaining consistent language for their contracts can be tricky.
While big banks have the resources and funds to build an API-first strategy, many other small organizations struggle with API prioritization because it is a non-revenue generating activity. Within these small organizations, those that run their business through big tech providers, such as Jack Henry, can try offloading their API burdens to their software providers. For others, Akoya plans to build toolkits and middleware that can help organizations start their API journey.
Spurred on by these challenges, Akoya plans to continue fulfilling its role as a data transfer enabler for the industry. The company currently provide tools back to firms that help ensure and manage ongoing consent with consumers. To further de-risk data sharing, the company uses tokenization, which will add another filter that ensures protection and privacy in the pipes by removing the need to share bank account numbers. With smaller banks waking up to the need to move away from screen scraping and build more robust solutions, going API-first will become more common. Meanwhile, consumers will continue to vote with their wallet to cut away screen scraping, Kukesh says “I know I only use banks that are cutting out screen scraping."