Data

How JPMorgan is pushing back against fraud in fintech

  • JPMorgan wants to make it easier for customers to use fintech apps -- something JPM excelled in long before the rest of the industry embraced legacy-startup collaboration
  • JPMorgan and Wells Fargo are leading the push against screen scraping, the more common way for companies to access customer data
close

Email a Friend

How JPMorgan is pushing back against fraud in fintech

The market for consumer fintech apps may be a little saturated, but if customers want to use them, JPMorgan is going to let them — if it’s safe.

On Tuesday, the U.S. banking giant announced an API-sharing agreement with the Utah-based data aggregator Finicity, in which the bank would push customer data to Finicity through an application programming interface that would be shared with its various clients, digital lending and personal financial management apps of interest to Chase customers.

“Our customers really want to use these financial apps and they do use them a lot,” said Trish Wexler, a spokeswoman for JPMorgan Chase. “We want them to find a safe, secure and private way for them to be able to do that without having to hand over their bank password. We think using a tokenized method — instead of having an aggregator come in and screen scrape a customer’s full accounts — is a safer and more private way to do that.”

Screen scraping is the most common way for companies to access customer data. When customers log into third-party sites or apps with their bank credentials, their sensitive information gets “scraped” by the company and stored for re-use. That way, the company can log into the bank account as the customer in order to retrieve account data as necessary.

That makes any possible breach of the fintech app a breach of the bank account. Fraud is often a bigger problem for the bank than the customer; customers can usually rest assured the bank will investigate the transactions and return the funds to their accounts. But in a world where customers are sharing data carelessly and frequently in almost everything they do, they’re vulnerable to more extreme consequences of identity fraud.

It’s hard to make them care about that.

“It’s clear that when there’s a screen on a new app doing a refresh that says ‘click here to accept new terms of the agreement’ both of us would raise our hand and say yeah, I didn’t read that,” Wexler said. “It’s like leaving your keys on front door and walking away.”

This is JPMorgan’s second such agreement. At the beginning of the year, it formed a similar one with Intuit, in which it would share data on its customers that sign up for Intuit products and services — QuickBooks, TurboTax and Mint.

“For years, we have been describing the risks – to banks and customers – that arise when customers freely give away their bank passcodes to third-party services, allowing virtually unlimited access to their data,” JPMorgan CEO Jamie Dimon said in his annual letter to shareholders earlier this year. “Customers often do not know the liability this may create for them, if their passcode is misused, and, in many cases, they do not realize how their data are being used. For example, access to the data may continue for years after customers have stopped using the third-party services.”

JPMorgan spent 16 percent of its total expenses on technology in 2016, it said in its annual report. It allotted $3 billion of a total $9.5 billion in spending to “new initiatives,” $600 million of which it used for fintech partnerships and improving digital and mobile services.

It’s Finicity’s second deal with a bank too; in April it signed a deal with Wells Fargo, which wants to establish itself as the leader of the anti-screen-scraping movement. Wells formed a deal with Intuit in February and with Xero a year ago. Banks and other industry players are having many conversations about whether there should be more standardization where data sharing and exchanging is concerned and what those standards might be, Wexler said, adding that Chase has been in talks with “all major aggregators” and will continue having those conversations.

Finicity is slightly different from the other data aggregators in that allows its partners, Wells Fargo and Chase, to move data to the third-party fintech apps that work with it (like Mvelopes, Lendio, Drop and PocketGuard); whereas Intuit and Xero use banks’ customer information for their own financial applications. JPMorgan was swooping up fintech partners — Zelle, Roostify, OnDeck Capital, TrueCar, Symphony — long before the industry as a whole began embracing collaboration and declaring 2017 the year of bank-fintech partnerships.

“Under this arrangement, customers can choose whatever they would like to share and opting to turn these selections on or off  as they see fit,” Dimon said of the Intuit agreement in the annual letter. “We are hoping this sets a new standard for data-sharing relationships.”

0 comments on “How JPMorgan is pushing back against fraud in fintech”

Data, Library, Sponsored

WTF is Modern Connectivity?

  • The financial industry is leaving behind legacy methods like screen scraping and looking to direct connections that are safer, faster, and more reliable.
  • Download the new WTF Guide by Tearsheet and MX all about Modern Connectivity.
MX | October 11, 2021
Data, Sponsored

Fighting fraud by better understanding financial data

  • With the rise of open banking, the security of financial data should be top of mind.
  • MX breaks down three keys for keeping customers' data protected.
MX | September 28, 2021
Data

Joining Chase and Wells Fargo, TD Bank joins Akoya financial data network

  • TD Bank’s customers will be able to securely provide access to their banking data to fintech apps and data aggregators using Akoya
  • This data is not copied or stored and is provided in a standard output based on the Financial Data Exchange’s API standard.
Subboh Jaffery | September 20, 2021
Data, Podcasts

‘Data aggregation is used today in ways we wouldn’t have thought about five years ago’: Fiserv’s Kevin Hughes

  • Fiserv enables banks, credit unions, and fintechs to aggregate data seamlessly and securely.
  • Kevin Hughes, who manages the AllData products, talks to Tearsheet about changes in the aggregation field and where it's heading.
Fiserv | September 09, 2021
Data, Member Exclusive

‘Leveling the playing field’: Could rent reporting pave a path to greater financial inclusion?

  • Timely rent payments aren't taken into consideration by credit bureaus, missing an opportunity to score thin- or no-file people.
  • Rent reporting could turn out to be a solution.
Rivka Abramson | July 22, 2021
More Articles