JPMorgan Chase inked an agreement with data aggregator Envestnet l Yodlee to help protect customers’ financial data. The agreement will give Chase customers more visibility and control as they use financial apps.
“This will help our customers manage exactly who they give their information to, and understand how their information will be used,” said Bill Wallace, head of Digital at Chase, the U.S. consumer and community banking business of JPMorgan Chase. “They also can cancel that access anytime they want.” With the customer’s permission, Envestnet l Yodlee shares their data with other financial apps and financial institutions to help the customer make smart money decisions more easily.
With this new agreement, Envestnet I Yodlee is committing to send 100% of its requests for Chase customer data through the bank’s secure API, or application programming interface. This will ensure the apps can receive Chase customer data they need while customers control what’s shared with whom.
“Our partnership with Chase will allow further consumer choice, reliability, and insight into how and where their data is being used, along with improved overall financial well-being,” said Stuart DePina, CEO of Envestnet | Yodlee. “As we move toward API-based connectivity in the United States, relationships like the one we have with Chase are laying the groundwork for this reality by giving consumers greater connectivity across their financial accounts, all accomplished through these types of secure and protected channels.”
Because the secure API uses a token-based approach, customers will no longer need to give out their username and password – confidential credentials that should always be treated with the utmost care.
Chase now has signed data agreements with a number of leading aggregators and fintechs, including Finicity and Intuit, maker of TurboTax, QuickBooks and Mint.
In the AccountSafeSM dashboard available in the Chase Mobile app and on chase.com, customers can see every financial app that is retrieving their data through the secure API — including Envestnet | Yodlee-powered apps in the future. They can see all linked accounts and which information they are sharing, with whom, from which accounts. They can also see which of their own devices accessed their accounts and when.
“In the future, we will require all these requests for our customers’ information to come through the secure API,” Wallace said. “Our customers deserve that protection and control.”
How the secure API works to protect Chase customers
A Chase customer finds an app, advisor or financial institution they would like to use, and it’s easier and safer for them to share their Chase data electronically through the secure API.
- The app uses a company such as Intuit or Envestnet l Yodlee to connect the customer directly to a secure Chase page. There, the customer enters their Chase username and password, and the company doesn’t see or retain that confidential information.
- The customer provides their consent to share data with that particular app. The consumer clearly sees what kind of information will be shared and can decide which accounts to share with that app.
- Using token-based security in the secure API, Chase shares only the type of information the app or institution needs, such as balances, transactions or the last four digits of an account number and only from the accounts specified by the customer.
- The app or institution uses the data to help the customer make smart decisions about their money.
- Using AccountSafeSM on the Chase Mobile app and chase.com, the customer sees which apps or institutions are now linked to their accounts. The customer can cancel access for each app or institution at any time.
“Data aggregation through an API rather than screen scraping can not only enhance security for apps that access consumers’ bank account data but also can be used to give consumers critical control over access to that data and a simple mechanism to turn it off,” said Lauren Saunders, Associate Director, National Consumer Law Center.