Security & Fraud

JPMorgan Ups Security By Blocking FinTechs From Passwords 

The downside of data sharing has come full circle as JPMorgan Chase strives for enhanced protection by blocking FinTech apps from accessing customers’ passwords, The Financial Times (FT) reported on Tuesday (Jan. 2).

As a way to get users’ passwords “out of the system,” the lender will disburse tokens to third parties, embedded with limited data, Bill Wallace, Chase’s head of digital, told FT. 

JPMorgan chief executive officer (CEO) Jamie Dimon had anticipated risks from data sharing and relayed his fears in a 2016 shareholder letter.

“Many third parties sell or trade information in a way customers may not understand, and the third parties, quite often, are doing it for their own economic benefit — not for the customer’s,” he wrote. “Often this is being done on a daily basis for years after the customer signed up for the services, which they may no longer be using.” 

Research by Consumer Reports indicated that “few people” read the privacy statements they agree to and sign, Christina Tetreault, policy counsel for Consumer Reports, told FT.

“Most of the digital financial products and services . . . are take-it-or-leave-it transactions where consumers lack both meaningful notice about what is collected and where it goes,” she said. 

Giving third parties only specific data makes customers aware of what is being used and “removes the need to hand over their passwords,” Wallace said.

Account aggregators Yodlee and Plaid were among the first FinTechs to sign on to using tokens for Chase transactions. 

Yodlee uses data feeds for 67 percent of the information it aggregates for its clients. Chad Wiechers, Yodlee’s senior vice-president for data access, told FT that when customers had to provide passwords, only “necessary” data was tapped.

Plaid is collaborating with Chase to make sure the tokens collect the information clients need, Sima Gandhi, head of strategy at Plaid, told FT.

There is no official launch date for removing password-based access, and Wallace said the planned change shouldn’t prevent any apps from working with Chase customers. Data security is an issue with far-reaching consequences. the reported number of exposed consumer records that contained sensitive personally identifiable information jumped 126 percent between 2017 and 2018.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.