Technological changes, regulation privacy and fraud in the financial aggregation industry
Anastassios GENTZOGLANIS
Faculty of Business Administration
University of Sherbrooke
Financial Aggregators
  Businesses (not banks) that collect data online, group them together and present them to customers within a single interface.
  A customer’s various transactions and banking, investment and credit accounts are thus aggregated and offered by financial aggregators either for a fee or for free.
  The aggregating and storage technologies raise privacy and security concerns.
The Industry
  Primarily targeting US market, but expanding internationally
  Half a dozen firms active in Canada
    Mint
    Yodlee
    iBank
    CheckMe
    Mvelopes
    PocketSmith
  Banks ?
The Regulators
  Canadian regulators are not yet very active in this field.
  The FCAC (Financial Consumer Agency of Canada) has issued warnings about the possible threats financial aggregation may present to Canadian consumers, and recommends cautious use of these sites in order to avoid or reduce the risks of fraud or abuse of the financial information that the Canadian public provides to financial aggregators.
  OPC – funded this project
  Several jurisdictions (EU, US, Australia, UK, Canada, Japan, South Korea) have set up committees to examine the privacy and fraud issues arising from the expansion of aggregator services and to consider possible solutions.
The Technologies
  Screen Scraping
    Cheap and Dirty
  Direct Feed
    More work but more secure
Screen Scraping
  Fast and does not need human involvement.
  It uses the user name and password that the customer provides to the aggregator to log in to the customer’s accounts automatically.
  It collects the information available and displays it on a single page for the individual consumer.
  There are variations of this technology (the user-driven model and the third party model), but whichever variant is used, screen scraping is currently the fastest and cheapest technology for aggregators to use.
Direct Feed
  Business to Business
  Financial aggregators cannot access financial information unless they prove to the financial institution where individuals hold their accounts that they have the customers’ authorization to do so.
  Financial aggregators have to possess consumers’ account numbers, passwords and user names, and after verification, access is allowed provided that the aggregator respects a standard communications protocol.
  Once authorization is granted, all the financial information (banking, investment, PayPal accounts, utility accounts, etc.) is displayed on the aggregator’s web site.
  Direct feed is costly for the financial aggregator, and it is slower.
  Nonetheless, it is more secure and reliable.
The Concern
  That aggregators would tend to provide the services at the lowest possible cost by using the least expensive technology, i.e., screen scraping and, more specifically, the third party (cloud) model.
  This model is the least secure and the least reliable, and because it makes extensive use of the cloud to store valuable information, the risks of fraud and privacy violation are higher.
The Project
  Questionnaires and interview guides were developed and used to elicit information concerning
    the attitudes of Canadians towards aggregation services
    the attitudes of financial aggregators towards technology and the safeguards they use to protect customers’ privacy and identity
  Industry has refused to participate
    From Yodlee: “There is no upside for us…”
  Following are the consumer attitudes results
The results
The Survey
  To verify whether differences in attitudes exist between Anglophones and Francophones, the questionnaire was translated and distributed to two different populations
    Ontario
    Quebec
  On average, the Anglophones in the sample hold higher diplomas and are wealthier, and a large majority of them (66%) are female.
  Francophones are mainly male (63%) and their income is at the lower end since they are mostly students.
The preliminary results (%)

                                          Anglophones   Francophones
  Trust in encryption technology
    Strongly                                   77            55
    Fairly                                      6             7
  Read privacy policy
    Yes                                        54            18
    Never                                      40            78
  Level of concern
    Very                                       46            61
    Fairly                                     45            29
  Change in attitudes
    Yes                                        39            25
    No                                         57            72
  Platform choice
    Laptop/smart/tablet                        36            69
    Desktop                                    41            17
  Virtual vs bricks and mortar
    Virtual with privacy                       73            49
    Bricks and mortar without privacy          16            36
  Willingness to pay
    $0                                         55            25
    Less than $10                              39            65
Participants’ Annual Income
[Bar chart, Quebec vs. Ontario. Question 17 - What is your annual income? Categories: Less than $19,999; Between $20,000 and $39,999; Between $40,000 and $59,999; Between $60,000 and $79,000; Between $80,000 and $99,999; Over $100,000; I'd rather not say.]
Participants’ Education Level
[Bar chart, Quebec vs. Ontario. Question 19 - What is the highest degree you obtained? Categories: High school diploma; College diploma; University diploma (Undergraduate - Bachelor’s degree); University diploma (Graduate - Master’s degree); University diploma (Postgraduate - Doctorate).]
Participants’ Gender
[Bar chart, Quebec vs. Ontario. Gender. Categories: Male; Female.]
Trusting technology
[Bar chart, Quebec vs. Ontario. Question 4 - When you use banks/financial institutions/financial aggregators’ services, do you trust their encryption technology? Categories: NA; Not at all; Not too much; Fairly; Completely.]
Privacy Policy
[Bar chart, Quebec vs. Ontario. Question 3 - When you use banks/financial institutions/financial aggregators’ services, do you read their privacy policy? Categories: NA; No, never; Yes.]
Participants’ level of concern
[Bar chart, Quebec vs. Ontario. Question 8 - Please, indicate your level of concern regarding privacy, identity theft and fraud when you complete financial transactions through various electronic platforms. Categories: Not at all concerned; Concerned; Fairly concerned; Very concerned.]
Participants’ change in attitude
[Bar chart, Quebec vs. Ontario. Question 9 - Owing to your level of concern, have you changed your attitude toward using the different proposed electronic platforms for completing your financial transactions? Categories: NA; No, there is no need; Yes, I do not use electronic platforms anymore; Yes, I'm using them sparingly.]
The choice of device-platform
[Bar chart, Quebec vs. Ontario. Question 10 - Is there a platform which you trust more when doing financial transactions? Categories: I trust all platforms equally; No, I do not trust any platform; Yes, my desktop computer; Yes, my laptop; Yes, my smartphone.]
Choosing between virtual – brick and mortar aggregators and privacy
[Bar chart, Quebec vs. Ontario. Question 11 - Are you willing to use a virtual bank/financial institution/financial aggregator if it offers better services but does not have an explicit privacy policy?]
The willingness to pay for privacy
[Bar chart, Quebec vs. Ontario. Question 14 - If your bank/financial institution/financial aggregator ensured the privacy of your personal data for a monthly fee, which amount would you be ready to pay in compensation of this guarantee?]
Tentative Conclusions
  Concerns exist but technology is trusted
  Consumers are motivated by convenience
  Anglophone and Francophone attitudes may differ
  Industry refusal to cooperate very concerning
  What is the balance between innovation and regulation?
  Who is the lead regulator?