JPMorgan Ups Security By Blocking FinTechs From Passwords 

The downside of data sharing has come full circle as JPMorgan Chase strives for enhanced protection by blocking FinTech apps from accessing customers’ passwords, The Financial Times (FT) reported on Tuesday (Jan. 2).

As a way to get users’ passwords “out of the system,” the lender will disburse tokens to third parties, embedded with limited data, Bill Wallace, Chase’s head of digital, told FT. 

JPMorgan chief executive officer (CEO) Jamie Dimon had anticipated risks from data sharing and relayed his fears in a 2016 shareholder letter.

“Many third parties sell or trade information in a way customers may not understand, and the third parties, quite often, are doing it for their own economic benefit — not for the customer’s,” he wrote. “Often this is being done on a daily basis for years after the customer signed up for the services, which they may no longer be using.” 

Research by Consumer Reports indicated that “few people” read the privacy statements they agree to and sign, Christina Tetreault, policy counsel for Consumer Reports, told FT.

“Most of the digital financial products and services . . . are take-it-or-leave-it transactions where consumers lack both meaningful notice about what is collected and where it goes,” she said. 

Giving third parties only specific data makes customers aware of what is being used and “removes the need to hand over their passwords,” Wallace said.

Account aggregators Yodlee and Plaid were among the first FinTechs to sign on to using tokens for Chase transactions. 

Yodlee uses data feeds for 67 percent of the information it aggregates for its clients. Chad Wiechers, Yodlee’s senior vice-president for data access, told FT that when customers had to provide passwords, only “necessary” data was tapped.

Plaid is collaborating with Chase to make sure the tokens collect the information clients need, Sima Gandhi, head of strategy at Plaid, told FT.

There is no official launch date for removing password-based access, and Wallace said the planned change shouldn’t prevent any apps from working with Chase customers. Data security is an issue with far-reaching consequences. the reported number of exposed consumer records that contained sensitive personally identifiable information jumped 126 percent between 2017 and 2018.