Data

How JPMorgan is pushing back against fraud in fintech

  • JPMorgan wants to make it easier for customers to use fintech apps -- something JPM excelled in long before the rest of the industry embraced legacy-startup collaboration
  • JPMorgan and Wells Fargo are leading the push against screen scraping, the more common way for companies to access customer data
close

Email a Friend

How JPMorgan is pushing back against fraud in fintech

The market for consumer fintech apps may be a little saturated, but if customers want to use them, JPMorgan is going to let them — if it’s safe.

On Tuesday, the U.S. banking giant announced an API-sharing agreement with the Utah-based data aggregator Finicity, in which the bank would push customer data to Finicity through an application programming interface that would be shared with its various clients, digital lending and personal financial management apps of interest to Chase customers.

“Our customers really want to use these financial apps and they do use them a lot,” said Trish Wexler, a spokeswoman for JPMorgan Chase. “We want them to find a safe, secure and private way for them to be able to do that without having to hand over their bank password. We think using a tokenized method — instead of having an aggregator come in and screen scrape a customer’s full accounts — is a safer and more private way to do that.”

Screen scraping is the most common way for companies to access customer data. When customers log into third-party sites or apps with their bank credentials, their sensitive information gets “scraped” by the company and stored for re-use. That way, the company can log into the bank account as the customer in order to retrieve account data as necessary.

That makes any possible breach of the fintech app a breach of the bank account. Fraud is often a bigger problem for the bank than the customer; customers can usually rest assured the bank will investigate the transactions and return the funds to their accounts. But in a world where customers are sharing data carelessly and frequently in almost everything they do, they’re vulnerable to more extreme consequences of identity fraud.

It’s hard to make them care about that.

“It’s clear that when there’s a screen on a new app doing a refresh that says ‘click here to accept new terms of the agreement’ both of us would raise our hand and say yeah, I didn’t read that,” Wexler said. “It’s like leaving your keys on front door and walking away.”

This is JPMorgan’s second such agreement. At the beginning of the year, it formed a similar one with Intuit, in which it would share data on its customers that sign up for Intuit products and services — QuickBooks, TurboTax and Mint.

“For years, we have been describing the risks – to banks and customers – that arise when customers freely give away their bank passcodes to third-party services, allowing virtually unlimited access to their data,” JPMorgan CEO Jamie Dimon said in his annual letter to shareholders earlier this year. “Customers often do not know the liability this may create for them, if their passcode is misused, and, in many cases, they do not realize how their data are being used. For example, access to the data may continue for years after customers have stopped using the third-party services.”

JPMorgan spent 16 percent of its total expenses on technology in 2016, it said in its annual report. It allotted $3 billion of a total $9.5 billion in spending to “new initiatives,” $600 million of which it used for fintech partnerships and improving digital and mobile services.

It’s Finicity’s second deal with a bank too; in April it signed a deal with Wells Fargo, which wants to establish itself as the leader of the anti-screen-scraping movement. Wells formed a deal with Intuit in February and with Xero a year ago. Banks and other industry players are having many conversations about whether there should be more standardization where data sharing and exchanging is concerned and what those standards might be, Wexler said, adding that Chase has been in talks with “all major aggregators” and will continue having those conversations.

Finicity is slightly different from the other data aggregators in that allows its partners, Wells Fargo and Chase, to move data to the third-party fintech apps that work with it (like Mvelopes, Lendio, Drop and PocketGuard); whereas Intuit and Xero use banks’ customer information for their own financial applications. JPMorgan was swooping up fintech partners — Zelle, Roostify, OnDeck Capital, TrueCar, Symphony — long before the industry as a whole began embracing collaboration and declaring 2017 the year of bank-fintech partnerships.

“Under this arrangement, customers can choose whatever they would like to share and opting to turn these selections on or off  as they see fit,” Dimon said of the Intuit agreement in the annual letter. “We are hoping this sets a new standard for data-sharing relationships.”

0 comments on “How JPMorgan is pushing back against fraud in fintech”

Data

‘Leveling the playing field’: Could rent reporting pave a path to greater financial inclusion?

  • Timely rent payments aren't taken into consideration by credit bureaus, missing an opportunity to score thin- or no-file people.
  • Rent reporting could turn out to be a solution.
Rivka Abramson | July 22, 2021
Data

Cheat Sheet: White House pushes the CFPB to formalize consumer access and control over financial data

  • Executive order encourages the CFPB to issue regulations that put consumer data in the hands of the consumers.
  • The directive builds on existing legislation known as the Dodd-Frank Act of 2010.
Shehzil Zahid | July 13, 2021
Data

Download: Tearsheet’s 2021 Data Guide

  • Finacial data is the underpinning of the modern financial experience.
  • Tearsheet's 2021 Guide to Data explores trends and opportunities in financial data.
Tearsheet Editors | June 17, 2021
Data

Tearsheet’s 2021 Guide to Data Aggregation

  • Financial data ecosystems are being built around financial institutions and fintech firms.
  • Tearsheet's 2021 Guide to Data Aggregation
Tearsheet Editors | June 09, 2021
Data, Member Exclusive

Five things we learned from Tearsheet’s second DataDay Conference

  • The financial services industry – including banks, fintechs and aggregators – are focusing on ways to allow for secure, consumer-permissioned data access.
  • The industry in the U.S. is moving towards adoption of a standardized way to safely transfer account data as new use cases emerge.
Suman Bhattacharyya | June 08, 2021
More Articles