JPMorgan Chase and Intuit to Securely Share Data Through APIs
JPMorgan Chase and Intuit announced a partnership to share bank financial data easily and securely through APIs on January 25. With this partnership, JPMorgan Chase customers can now authorize the bank to share their account data with Intuit’s financial management applications like Mint and TurboTax.
As a first step, the two companies will introduce Open Authentication and will exchange data through the Open Financial Exchange (OFX) 2.2 API.
JPMorgan Chase customers can now avoid giving their banking user names and passwords since the technology will use an API token-based approach using OAuth to authorize Intuit apps to download the requested account information.
“The most important part of this is giving control to the customer,” said Jamie Dimon, chairman and CEO of JPMorgan Chase. “Customers will get to decide what they want to share and when they want to share it – without having to hand over their password.”
The earlier approach to sharing data used screen scraping, which is a process where customers have to share their banking usernames and passwords with third-party apps, which in turn would fetch the banking account data on behalf of the customer. Dimon had raised concerns about third party access to customer bank account details in his annual shareholder letter in April 2016.
“When we all readily click 'I agree' online or on our mobile devices, allowing third party access to our bank accounts and financial information, it is fairly clear that most of us have no idea what we are agreeing to or how that information might be used by a third party”, Dimon wrote.
With APIs, third parties gain no access to sensitive personal information.
JPMorgan Chase is among a few big US banks to adopt the API based approach to sharing data with third party applications. In June last year, Wells Fargo also announced a similar partnership with Xero to share bank account data through APIs, that will let direct bank data feeds into Xero to get real-time reports.
This partnership also aligns closely with the Center for Financial Services Innovation’s “Consumer Data Sharing Principles”, which guides the financial services industry as it works to establish a data-sharing ecosystem that is secure, inclusive and innovative.
This partnership between JPMorgan Chase and Intuit is not exclusive. The press release clearly states that they will continue to pursue similar agreements with other industry players seeking to give customers more control of their financial information while enhancing security.
Microsoft, Intuit, and CheckFree developed the original OFX specification in 1997 using SGML syntax. The current, released in 2016, uses a more widely accepted data-formatting standard like XML, uses HTTP standard for client-server communication and adds support for OAuth token-based authentication model. Currently more than 7,000 banks, brokerages and personal finance management companies use OFX in some form.