How Industry Standardization Will Impact Data Access

Third-party financial app developers are currently challenged with a lack of data access standardization, which creates hurdles for consumers when it comes to sharing and accessing financial data across services.

Consumers are increasingly turning to third-party financial apps that seamlessly connect with their banks, managing their money through apps like YNAB, Mvelopes and MoneyDesktop, and tapping into PayPal and Google Wallet for payments. In order to achieve true global connectivity in the age of the open financial Web, a new standard for data sharing must be created, adopted, then actively governed under a framework of strict interoperability.

While key players in the financial industry — including financial institutions (FIs), fintech app developers and data aggregators — are making attempts to collaborate, we've not yet reached an agreed-upon data access standard. Those of us that are data aggregators are able to help consumers achieve their goals of data access, but with some FIs, it is more of an art than a science. This can slow the consumer's ability to make informed financial decisions, while making the app developer's job more complicated. The best way to accelerate financial services innovation and address the critical requirements of security and privacy is to collaborate on a global standard.

Currently, the following standards are available to financial app developers.

OFX 2.2

OFX is the leading financial data access technology standard, with more than 7,000 installations globally. Banks deploy OFX to provide data to their account holders using an industry standard that has stood the test of time. Last year, the OFX Consortium released OFX Version 2.2, which enables data access using an OAuth token rather than traditional login credentials. Many financial institutions are continuing to invest in and iterate their OFX services forward to OFX 2.2.

Durable Data API

The other main standard today is the Durable Data API, or DDA. In 2015, the FS-ISAC formally adopted DDA, which included OAuth and an early REST/JSON version of OFX. Some financial institutions are adopting this standard because of its modern API format and because it formally introduces OAuth as an authentication standard for data access.

While industry players are working closely together to improve financial data access, there is significant room for improvement. In addition to converging on a single Financial Data API standard, the industry should stand up a solution certification program. Certification against a standard will create interoperability and form the foundation of a new global financial data ecosystem. OFX, with its rich use cases and broad adoption among banks, aggregators and financial apps, and DDA, with its OAuth/REST/JSON API model and strong support from the security teams at banks, together create a standards dream team.

The convergence of OFX and DDA into a new, common standard will open the door to continued financial services innovation. More seamless data sharing will make it easier for small banks to leverage third-party financial applications and enable consumers to do the same, regardless of bank account type. Additionally, a shared standard will lead to more secure data sharing by incorporating applicable laws and best practices for data privacy and security, ultimately protecting consumers' information when transferred from financial institutions to third-party applications.

Once a new, global standard is adopted, the industry will have a uniform process for accessing user-permissioned transaction data from banks. This transaction data will be foundational in developing new ways to view and analyze our finances. It will further deliver valuable insights, and it's through rich insights that smarter financial decisions are made.

Nick Thomas: Technologist and business builder. I break things. Currently learning how to innovate, build an operation, and build people at the same time.
 

Comments(1)

Matt-Jons

I use Geltbox Money (www.geltbox.com) - automatic download from any website (banks, credit cards), high level of security (your financial data is securely stored and encrypted only in your personal computer).

When using Geltbox you don't need to give your banking account numbers and passwords to a third party.

Geltbox doesn't use any third-party aggregation site (the user can aggregate his own data without exposing private data to any third party/website).