Technological changes, regulation privacy and fraud in the financial aggregation industry Anastassios GENTZOGLANIS Faculty of Business Administration University.

Technological changes, regulation privacy and fraud in the financial aggregation industry

Anastassios GENTZOGLANISFaculty of Business AdministrationUniversity of Sherbrooke, [email protected]

Financial Aggregators Businesses (not banks), which collect data on

line, group them together and present them to customers within a single interface.

A customer’s various transactions, banking, investment and credit accounts are thus aggregated together and offered by financial aggregators either for fee or free.

The aggregating and storage technologies raise privacy and security concerns.

The Industry Primarily targeting US market, but expanding

internationally Half a dozen firms active in Canada Mint Yodlee iBank CheckMe Mvelopes PocketSmith Banks ?

The Regulators Canadian regulators are not yet very active in this field. Warnings have been issued by FCAC (Financial Consumer

Agency of Canada) as to the possible threats financial aggregation may present to Canadian consumers and recommends a cautionary use of these sites in order to avoid or reduce the risks of fraud or abuse of the financial information provided to financial aggregators by the Canadian public.

OPC – funded this project Several jurisdictions (EU, US, Australia, UK, Canada,

Japan, South Korea) have set committees to examine the privacy and fraud issues arising from the expansion of aggregator services and consider possible solutions.

The Technologies Screen Scraping

Cheap and Dirty Direct Feed

More work but more secure

Screen Scraping Fast and does not need human involvement. It uses a customer’s user name and password

provided by the customer to the aggregator and automatically enters his/her accounts;

It collects the information available and displays it on a single page for the individual consumer.

There are variations of this technology – the user-driven model and the third party model – but whatever technology is used, the screen scraping technology is currently the fastest and cheapest for aggregators to use.

Direct Feed Business to Business Financial aggregators cannot access financial information

unless they prove to the financial institution where individuals host their accounts that they have customers’ authorization to do so.

Financial aggregators have to possess consumers’ account numbers, passwords and user names, and after verification, access is allowed provided that the aggregator respects a standard communications protocol.

Once authorization is granted, all the financial information (banking, investment, Paypal accounts, utility accounts, etc.) is displayed on the aggregator’s web site.

Direct feed is costly for the financial aggregator, and it is slower.

Nonetheless, it is more secure and reliable.

The Concern That aggregators would tend to provide the

services at the lowest cost possible by using the least expensive technology, i.e., the screen scraping one and more specifically, the third party (cloud) model.

This model is the least secure and the least reliable and given that it uses extensively the cloud to store valuable information, the risks for fraud and privacy violation are higher.

The Project Questionnaires and interview guides were

developed and used to elicit information concerning the attitudes of Canadians towards aggregation

services the attitudes of financial aggregators towards

technology and safeguards they use to protect customers’ privacy and identity

Industry has refused to participate From Yodlee: “There is no upside for us…” Following are the consumer attitudes results

The results

The Survey To verify whether differences in attitudes exist

between Anglophones and Francophones, the questionnaire was translated and distributed to two different populations

Ontario Quebec

On average, the Anglophones in the sample have a higher diploma, are wealthier and a high majority of them (66%) are females

Francophones are mainly males (63%) and their income is at the lower end since they are mostly students.

The preliminary results (%)    Anglophon

es Francophones

Trust in encryption technology

Strongly 77 55Fairly 6 7

Read privacy policy  

Yes 54 18Never 40 78

Level of concern 

Very 46 61Fairly 45 29

Change in attitudes

Yes 39 25No 57 72

Platform choice 

Laptop/smart/tablet 36 69Desktop 41 17

Virtual vs bricks and mortar

Virtual with privacy 73 49Bricks and mortar without privacy

16 36

Willingness to pay

$0 55 25Less than $10 39 65

Participants’ Annual Income

Less than $19,999

Between $20,000 and

$39,999

Between $40,000 and

$59,999

Between $60,000 and

$79,000

Between $80,000 and

$99,999

Over $100,000 I'd rather not say

0%

10%

20%

30%

40%

50%

60%

70%

80%

72%

16%

6%

2%4%

0% 0%4%

9%

21%

11%

20%21%

14%

17 - What is your annual income?

QUEBECONTARIO

Participants’ Education Level

High

scho

ol d

iplo

ma

Colle

ge d

iplo

ma

Unive

rsity

dip

lom

a (U

nder

grad

uate

- Bac

helo

r’s d

egre

e)

Unive

rsity

dip

lom

a (G

radu

ate

- Mas

ter’s

deg

ree)

Unive

rsity

dip

lom

a (P

ostg

radu

ate

- Doc

tora

te)

0%

10%

20%

30%

40%

50%

60%

1%

23%

54%

18%

3%5%9%

25%

39%

21%

19 - What is the highest degree you obtained?

QUEBECONTARIO

Participants’ Gender

QUEBEC ONTARIO0%

10%

20%

30%

40%

50%

60%

70%

63%

34%37%

66%

Gender

MaleFemale

Trusting technology

NA Not at all Not too much Fairly Completely0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

4%

12%15%

6%

55%

0%

9% 7%

77%

7%

4 - When you use banks/financial institutions/financial aggregators’ services, do you trust their encryption technology?

QUEBECONTARIO

Privacy Policy

NA No, never Yes0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

3 - When you use banks/financial institutions/financial aggregators’ services,

do you read their privacy policy?

QUEBECONTARIO

Participants’ level of concern

Not at all concerned Concerned Fairly concerned Very concerned0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

7%

29%

37%

26%

11%

45%

16%

29%

8 - Please, indicate your level of concern regarding privacy, identity theft and fraud when you com-

plete financial transactions through various elec-tronic platforms:

QUEBECONTARIO

Participants’ change in attitude

NA

No, th

ere

is no

nee

d

Yes,

I do

not u

se e

lect

roni

c pla

tform

s an

ymor

e

Yes,

I'm u

sing

them

spa

ringl

y  

0%

20%

40%

60%

80%

1%

72%

3%

25%

0%

57%

4%

39%

9 - Owing to your level of concern, have you changed your attitude toward using the dif-

ferent proposed electronic platforms for completing your financial transactions?

QUEBECONTARIO

The choice of device-platform

I trust all platforms equally

No, I do not trust any platform

Yes, my desktop computer

Yes, my laptop Yes, my smartphone0%

10%

20%

30%

40%

50%

60%

70%

4%

8%

17%

63%

6%7%

16%

41%

32%

4%

10 - Is there a platform which you trust more when doing financial transactions?

QUEBECONTARIO

Choosing between virtual – brick and mortar aggregators and privacy

0%

20%

40%

60%

80%

1%

49%

1%

36%

11%2%

73%

4%16%

5%

11 - Are you willing to use a virtual bank/financial institution/financial aggregator if it offers better services but does not have an explicit privacy po-

licy?

QUEBECONTARIO

The willingness to pay for privacy

0%

20%

40%

60%63%

6% 2%

25%

4%

39%

5%0%

55%

0%

14 - If your bank/financial institution/financial aggregator ensured the privacy of your personal data for a monthly fee, which amount would you be ready to pay in compensation of this guaran-

tee?

QUEBECONTARIO

Tentative Conclusions Concerns exist but technology is trusted Consumers are motivated by convenience Anglophone and Francophone attitudes may

differ Industry refusal to cooperate very concerning What is the balance between innovation and

regulation? Who is the lead regulator?