Consumers have become more mindful than ever about granting permissions to applications or companies that access their personal data. Incessant cyberattacks, data breaches and unauthorized sharing of personal information by online services has put an increasing number of people on their guard.
To understand the scope of the problem, consider that the Breach Level Index reported more than 4.5 billion compromised data records worldwide during just the first half of 2018. As cyberattacks continue and global regulations begin to change the dynamics of privacy and banking, it’s easy to see why the consumer expects more control over their own data.
In October 2018, financial institutions, fintech firms and industry groups launched the Financial Data Exchange (FDX), a non-profit industry consortium and subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC). Similar to the way the Bluetooth core specification created a single standard for connecting wireless devices in 1998, FDX has created a common, interoperable data and security framework that allows consumers and businesses to share data with greater confidence and control.
The organization is governed by a board of directors gathered from financial institutions, banks, fintech companies, data aggregators and others within the financial data ecosystem. The creation of this group marks the first time that the financial industry has come together to fund a single standard that secures financial data sharing. The goal is establishing a global data sharing standard and API, free to everyone to use, that empowers and protects consumers, while also supporting its member efforts to deliver new products and services that put people in more direct control of their finances.
Given the financial industry’s track record for providing strong security protocols like encryption and multi-factor authentication to customers, it’s reasonable to expect this innovation in the digital age. Financial institutions have always viewed the custody and protection of their customers’ data as a responsibility, rather than an asset to be commercialized. And while financial institutions and fintechs of all types haven’t been completely immune to breaches, when strong security protocols are properly in place, they help these organization to know their customer, validate identity and detect fraud.
That’s why data sharing in financial services tends to be risk- and permission-based, controlled by audit trails and subject to regulation and risk management. So, for customers to be truly in-control of their own data, it must be both permissioned and transparent. As customer awareness of the value of their own data has grown, so too has awareness of the need to secure it like any other asset, both in rest and in motion.
Evolving global rules and priorities have enabled consumers and businesses to use an increasingly broad range of providers to manage their finances and enhance their financial lives. Where banking and financial services companies were once thought of as the main providers in the market, new rules and investments in innovation has enabled other providers to enter the market with a variety of financial service solutions. This means that banks are no longer the sole custodians of customer account information and payment services.
While consumers are more conscious of granting permissions to use their data, concerns remain that many do not fully understand the value or sensitivity of certain data elements the same way that fintechs, banks or regulators do. Despite evidence to support these concerns, the idea of a more open, technologically diverse financial landscape is gaining traction. Cumulative global investments in financial technology are estimated to exceed $150 billion the next 3 to 5 years.
Meanwhile, the U.S. financial industry is adapting to serve the digital-first customer through initiatives that provide security based on confidentiality, integrity and availability of data. Data sharing is now increasingly accomplished through APIs – smart “channels” that allow the flow of data between systems in a controlled, yet seamless way. The use of APIs allows organizations to develop and build applications and services around consumer-permissioned data and provides the account owners with additional financial transparency options. Using APIs, players in the financial market can share inspired ideas and reshape the customer’s financial management experience.
APIs are not new to financial services—they have been used for years. However, breakthroughs in advanced analytics along with market traction of innovative, new financial services companies, has led to renewed attention in APIs to enhance the delivery of financial services to retail and business customers. For example, third-party companies can provide applications that enable consumers to consult multiple bank accounts from a single application, apps that make it possible to get a credit decision instantaneously, send money via instant message, share bank account data with utilities or accountants, and countless other innovations.
It has become clear to the financial services industry, as the diversity and volume of offerings in the marketplace grows, along with consumer expectations to access and permission data to use these services, that a single, secure standard is needed. To date, a patchwork of proprietary APIs and data gathering applications (which require third parties to store consumer bank login credentials in order to access their account information) has been used to flow consumer data around the financial industry. The inconsistencies in the data standards and the security risks associated with this status quo are limiting further innovation and consumer empowerment.
Therefore, in 2019, we can expect customers to become savvier in the tradeoffs they make in exchange for their data, and that the industry will rapidly adopt a common data-sharing standard. For that exchange of consumer data to be fair, the terms must be transparent: what data, with whom, for what purpose, and for how long? The financial services industry will be differentiated by those who seek to be innovators and those who do not. Consequently, those that embrace new technology models will lead the market and play a critical role in determining the future of the industry.