Understanding Data Aggregators in Financial Services

For consumers, convenience is key when it comes to banking. If consumers experience friction during banking activities like linking financial accounts to external applications, it can derail authentication and lead to abandonment—putting your institution’s reputation as a seamless partner at risk.

A poor user experience and time-consuming verification methods can result in frustration among consumers, leading many banks to enable real-time account verification. Read our blog to learn more about why institutions are partnering with financial account data aggregators to modernize the verification experience.

What is a Data Aggregator?

Data aggregators are companies that facilitate the secure exchange of financial data between consumers’ bank accounts and third-party financial applications or services. These companies act as intermediaries, connecting financial institutions with fintech companies to enable various financial services and tools.

In other words, financial data aggregation, or account aggregation, allows a consumer to bring all their financial data housed in different places into one place, such as your bank’s portal. This data can include savings accounts, investments, HSAs, mortgages or other financial information.

Data Aggregation Companies

Several prominent data aggregators exist in the U.S., and some specialize in different areas like financial data APIs, investment data or credit decisioning tools. Examples of prominent data aggregators include Plaid, Finicity, Envestnet Yodlee and MX Technologies, Inc.

Institutions are seeking out partnerships with these companies to facilitate seamless experiences for their customers. An MX survey found that more than 70% of consumers would likely find a different bank or credit union if their current one couldn’t connect their financial accounts to financial apps or other online accounts.

In 2020, Plaid reported nearly 25% of Americans with bank accounts have connected to them via an app, showing consumers’ increasing reliance on this technology.

Man in a suit holds a smartphone in both hands.
Data aggregators facilitate the secure exchange of financial data between consumers’ accounts and third-party apps.

How Do Data Aggregators Work?

Traditional authentication methods rely on disjointed processes with multiple steps, such as making micro-deposits in customers’ accounts, and often take more than one business day to complete. These can even require customers to take additional steps like providing bank account and routing number information.

Data aggregators simplify the authentication process, reducing friction and enabling institutions to validate a customer’s source of funding nearly instantly.

Let’s take a budgeting app for example. If a customer downloads a budgeting app and wants to use data from their bank account at ABC Bank within the app to track spending, they will need to connect both accounts to allow data sharing. Knowing its customers expect a seamless experience when it comes to banking, ABC Bank partnered with a data aggregator to help facilitate its customers’ needs.

Here’s a look at the process:

  • Connection: When a user wants to link their bank account to a fintech app (e.g., a budgeting tool or investment platform), they’re typically prompted to select their bank and enter their online banking credentials.
  • Authentication: The data aggregator verifies the user’s identity and establishes a secure connection with the bank. This verification can be done in a variety of ways, many of which are explored in the following section.
  • Data Retrieval: Once authenticated, the aggregator accesses and retrieves the relevant financial data from the user’s account.
  • Data Sharing: The aggregator then securely transmits this data to the fintech application, allowing it to provide its services.

Authentication Methods Used by Data Aggregators

When implementing authentication methods, it’s crucial to balance security with user experience. The trend is moving towards more secure, API-based methods that don’t require credential sharing. However, the specific authentication method often depends on the capabilities of both the bank and the aggregator. Open banking standards are emerging but remain in early stages.

Here are several common authentication methods that can be used individually or layered to maximize security.

  • Credential Authentication: This is the most basic form of authentication and requires users to provide their online banking username and password. While simple, this method raises security concerns as credentials are subject to compromise and have consistently been shown to be a weak point for security.
  • OAuth (Open Authorization): As a more secure protocol, this method allows third-party applications to access user data without exposing passwords. Users are redirected to their bank’s login page to authenticate directly. Then, the bank provides a token to the aggregator to grant limited access.
  • Multi-factor Authentication (MFA): MFA adds an extra layer of security beyond just username and password, often involving sending a code to the user’s phone, using biometrics or answering security questions. However, these knowledge-based security questions often pose a security risk, and MFA codes are frequently subject to compromise via a variety of social engineering techniques. Aggregators need to be able to handle MFA prompts smoothly and maintain a good user experience.
  • Federated Identity: This method uses a third party to authenticate users across multiple platforms, simplifying the process for users who have accounts for multiple institutions. An example of this method includes logging into an account or site using your Google or Apple login.
  • Biometric Authentication: Banks are increasingly using biometric data, such as fingerprints or facial recognition, for authentication. Aggregators need to be able to interface with these systems when accessing user accounts.
  • Persistent Access: Some aggregators offer methods for maintaining persistent access to accounts. While this reduces the need for users to frequently re-authenticate, it does require robust security measures.

Community banks should prioritize partnerships with aggregators that use modern, secure authentication methods, preferably API-based systems with tokenization. It’s also important to educate customers about these authentication processes to build trust and ensure they’re using these services safely and effectively.

A man works on a laptop and a translucent security lock, biometric fingerprint and login page appear on screen.
Authentication methods can be layered or used in tandem to maximize security for users.

Trends Driving the Data Landscape

The data aggregation landscape is evolving rapidly, especially as open banking continues gaining momentum. Open banking enables third-party developers to access a financial institution’s data, so institutions can offer new products without building them internally or having a sole technology provider. Open banking APIs enable many different services through bank data exchange, including financial services like payments and account management, onboarding identity verification and many more.

This prevalence of open banking has led to regulatory initiatives that push for standardized APIs and greater data sharing. To help institutions personalize their offerings, aggregators offer more sophisticated data analysis tools.

Beyond data sharing, aggregators are expanding their services and moving into areas like identity verification and risk assessment. Increased collaboration among banks, aggregators and fintech companies is also a key trend, especially as these partnerships grow and evolve.

Benefits of Data Aggregators

Partnering with a data aggregator allows community banks to provide their customers with frictionless account verification. Other benefits include:

  • Enhanced Customer Experience: By working with a data aggregator, banks can enable customers to use popular fintech tools seamlessly.
  • Increased Visibility: Banks can also gain insight into which third-party services customers use and leverage that insight to create more personalized offerings.
  • New Revenue Opportunities: Working with data aggregators provides the potential for partnerships with fintech companies.
  • Improved Security: The methods used by some data aggregators, such as API-based connections, reduce risks associated with screen scraping.
  • Regulatory Compliance: Partnering with an aggregator can help institutions meet open banking and data sharing regulations.

Data aggregation doesn’t just benefit banks. By partnering with data aggregators, banks can help their customers experience:

  • Convenience: Customers have easy access to a wide range of financial tools and services. If customers find an app or platform they want to use, having a partnership in place allows them to seamlessly share their financial data.
  • Holistic Financial View: Customers can aggregate data from multiple accounts in one place, giving them a comprehensive view of their finances.
  • Personalized Services: Instead of a one-size-fits-all approach, customers can access tailored financial advice and product recommendations.
  • Faster Processes: A seamless process enables customers to experience quicker account verification and money transfers.
A woman in a bright yellow sweater looks at her smartphone and also has a laptop open in front of her.
Partnering with a data aggregator allows banks to experience distinct benefits, including providing a seamless experience to customers.

Security Considerations for Banks

While data aggregators offer numerous benefits, it’s crucial to address security concerns. Modern aggregators are moving towards API-based connections, which are more secure than traditional screen scraping methods that represent risk and potential errors when gathering information shown on a display. API-based connections enable a more secure ability to access data.

Many aggregators use tokenization to protect user credentials, replacing sensitive data with unique identification symbols. To further strengthen security, banks should minimize the data available to aggregators and ensure they only access and share the specific data needed for the requested service. Customers should have the ability to manage and revoke access to their data.

Aggregators should also adhere to data protection regulations and industry standards. It’s up to institutions to conduct due diligence and ensure any data aggregator they partner with prioritizes compliance.

Delivering a Seamless Customer Experience

Data aggregators play a crucial role in the modern financial ecosystem, enabling innovation and improving the customer experience. By understanding and embracing these technologies, community banks can stay competitive, enhance their service offerings and better meet the evolving needs of their customers.

However, as with most new technologies, banks should approach data aggregation partnerships with a focus on security, compliance and customer education to ensure successful and responsible implementation.

Want to learn more about enabling real-time account verification?

Let’s Talk

 

Matt Herren
Matt Herren, Payments Industry Consultant

With a strong focus on emerging technologies and how they apply to the financial industry, Matt has led CSI’s effort to drive innovation in the payment space. Matt has worked for more than a decade at CSI to enhance customer experience and helped direct innovative product offerings to increase bank profitability, allowing banks to realize industry-leading results and maximize program performance. He has spoken at dozens of state and national conferences on the future of banking and is bizarrely passionate about innovation and consumer experiences.

Get In Touch

Are you looking for the edge to outperform the competition? CSI is a full-service technology and compliance partner.

Let’s talk