JPMorgan Chase has reached a milestone five years in the making — the bank says it is now routing all inquiries from third-party apps and services to access customer data through its secure application programming interface instead of allowing these services to collect data through screen scraping.
The New York bank made this announcement on Thursday.
“It’s a big win for our customers because they get greater control over their data and more visibility around which applications will use the data and which accounts they will be sharing with those applications,” Paul LaRusso, head of data aggregation at Chase, said in an interview.
Chase started signing data-sharing agreements with fintechs and data aggregators including Envestnet Yodlee, Finicity, Intuit and Plaid in 2017. At the same time, it built an API channel so customers could share their data in a more secure fashion than letting these services access their login credentials. In 2020, Chase outlined more details about its plans, including the dashboard customers could use to grant and revoke access to outside services.
“It’s not a flick of a switch,” LaRusso said. “There are thousands of third-party applications our customers are using to manage a budget, pay a bill, apply for a loan or prepare taxes.” The bank spent more than two years phasing out screen scraping and migrating companies to the API, which also happened in phases depending on when the bank signed data-sharing agreements.
Customers using a third-party app that needs access to Chase will log in and authenticate themselves directly with the bank. The customer can choose which accounts and data to share with the third party, as well as turn off access via the Security Center dashboard on Chase’s website or app.
Chase and other major banks have made other progressions to end screen scraping in recent years. It is one of 11 banks to own the Akoya Data Access Network, which helps participants handle their data-sharing relationships and enable multiple API connections. In early 2021, it was one of the banks to pilot — and then sign onto — the Streamlined Data Sharing Risk Assessment offered by The Clearing House and the risk-assessment providers TruSight and KY3P. The goal of this service was to produce standard risk assessments of data aggregators.