In a letter for the request for information that the CFPB completed earlier this year, CFSI laid out broad principles it hopes will become industry standard: availability of data on third-party applications in a timely and reliable manner, with permission of the customer, and sharing only the minimum data necessary. A similar model is already being tried in the European Union, where a 2015 rule that will fully phase in next year mandates that banks and other payment services providers like Venmo and PayPal grant the means for secured access, authorized by customers, for transaction history and account balances. They’re required to provide it through APIs, a form of online interface that allows for controlled sharing of information, and avoids less-secure mechanisms like scraping.
“What is happening there is something we point to as a positive,” says Brian Peters, executive director of FIN.
Many of the new financial firms and banks say they’d prefer to work out a standard on their own rather than by government mandate, and to an extent that’s already underway. JPMorgan and Wells Fargo, both of which had restricted or cut off access to account information to third-party firms, have started to reach individual deals. JPMorgan announced an agreement with Mint, which software firm Intuit owns, and for access to JPMorgan accounts for its applications like QuickBooks and TurboTax. Wells Fargo announced a similar deal with Xero, a New Zealand company that provides accounting software for businesses. But the consumer advocate Mierzwinski is skeptical of industry-driven approaches: If companies set the standard themselves, he says, it “will ultimately prove to be the least common denominator.”