BBVA and B of A move to make data sharing safer, less painful
Our app-driven world runs on data. If consumers want convenience and quality of service—and they do—that increasingly means sharing their personal information with third parties.
Banks have begun making it easier and more appealing for them to do so. Among those at the forefront are BBVA and Bank of America, both of which this week announced new efforts to provide a rich supply of customer data to third-party companies and developers.
The news comes as the Consumer Financial Protection Bureau is evaluating the myriad issues associated with data sharing, and the Center for Financial Services Innovation is studying the potential collateral damage that one-off data deals could cause. The European Union, meanwhile, is determining whether screen scraping—the method that requires consumers to share bank credentials—will be permitted in upcoming regulation.
On Wednesday, BBVA struck a blow for open banking by launching a market to make eight of its application programming interfaces available to businesses for the first time. By accessing customers' financial data—with their permission, of course—and integrating it into applications, developers will be able to create new services and provide better user experiences around payments management, identity verification and more.
The Spanish bank is "aiming to become the best platform on which to build new digital experiences," Derek White, BBVA's global head of customer solutions, said in a news release. "This is a customer-led business opportunity."
BBVA's partners so far include the geomarketing startups Geoblink, Carto and Bismart, the software vendors SAGE, Anfix and Simplygest and companies on the IBEX 35, an index of the 35 most liquid stocks on Spain's primary stock exchange. During the API market's test phase last year, more than 1,500 businesses and developers registered to try it out.
"For customers who use data aggregation services, we are making it more transparent and simpler for them to see who they're sharing data with and to turn it off when they want," says Bank of America's Michelle Moore.Earlier this week, Bank of America announced that it was working with two data aggregators on a new data-sharing model that will also use APIs.
The experience is expected to work like this: Customers log in to the data aggregation service they use and are asked to verify or add a Bank of America account. They will then be connected to the Bank of America site to acknowledge their consent to share data. A spokeswoman declined to identify the two partners and said only that the bank is working with "all the major aggregators" to test this data-sharing model.
"We value customer choice and want customers to securely access their information when and where they want," Michelle Moore, head of digital banking at Bank of America, said in a statement. "For customers who use data aggregation services, we are making it more transparent and simpler for them to see who they're sharing data with and to turn it off when they want."
The model is similar to the ones other large banks have been making in recent months. Wells Fargo made a splash in April by welcoming an API partnership with Finicity, a data aggregator that supplies financial data to apps ranging from online lending to money management, in addition to making API deals with Intuit and Xero. A number of other banks have also struck data deals with technology companies. JPMorgan Chase, for instance, has partnered with Intuit.
The idea of all such deals is to help bank customers share their data with apps in a safer way than by sharing their actual bank credentials, which is what personal finance apps such as Mint currently require of users.
BBVA, too, says it is committed to customer privacy. Applications built using its APIs will be granted access to a customer's information only if that customer expressly allows it. The single exception, according to BBVA, is Paystat, which works with anonymized data in the aggregate pertaining to card transactions.
Despite BBVA's talk of making open banking a reality, its API market initially will serve only the bank's Spanish customers, though plans call for it to be rolled out to American customers later this year. The bank intends eventually to open the market to Turkey, Mexico and the rest of Latin America.
Banks such as BBVA, which says it aspires to become "the innovation engine" for third-party companies, have reason to hope that regulators won't come down too hard on data sharing.
According to its news release, the Spanish bank expects that opening up its APIs could lead to new customers and loan originations. Its loan API, for instance, could be integrated into a third-party app in such a way that a BBVA customer could finance the purchase of a product or service at the point of sale with a BBVA loan.
"The great thing about this business is that we can think up some basic uses, and build a service around those," Raúl Lucas, the bank's head of open APIs in Spain, said in a statement. "But when we make them available to third parties—the ones who really know their businesses—they come up with uses which would never even have occurred to us."