Scrapping the Screen Scraping

Posted 2 months ago by Delv

With myriad data protection rules and regulations proposed and instituted across the globe, screen scraping is under scrutiny for its security challenges. In the mortgage industry, for example, screen scraping is a popular solution for gathering borrowers’ financial data as well as consuming trustee data for the monthly performance of mortgages included in securitizations.

Capturing too much data is one concern with screen scraping. For example, scanning a complete bank statement can expose excess information: because some statements include images of deposited personal checks, the scrape can pick up account numbers not associated with the target account. Account statements also reveal personal addresses and, now, sometimes credit scores, when perhaps all a use case needs is a balance amount or, to verify income for a mortgage, a summary of deposits originating from an employer.

Screen scraping can also be mistaken for a cyber incident, particularly when a data aggregator queries a financial institution’s site to capture a large amount of financial data for aggregation purposes, as in the trustee data download example.

Two of the most high-profile legislative actions for consumer data protection originated from the European Commission: the General Data Protection Regulation (GDPR) and the revised Payment Services Directive (PSD2). While GDPR focuses on protecting Personally Identifiable Information (PII) for consumers, PSD2 orders the implementation of APIs by banks for the safer exchange of account and payment information. The latter mandate encourages the development of solutions that would replace screen scraping with more secure data exchange alternatives.

Although not yet driven by equivalent regulation in the US, the US mortgage industry is nonetheless eager for secure APIs and other technological advances in the ongoing effort to digitally transform the mortgage process. For example, the fintech-inspired Better Mortgage, a Silicon Valley start-up, is on a mission to simplify and speed up the mortgage process, promising improved transparency so that potential borrowers can know exactly what stage of the process a loan is in prior to closing.

One API gaining traction in the United States is the Durable Data API from the Financial Services Information Sharing and Analysis Center (FS-ISAC). As stated on fsisac.com, “FS-ISAC is the global financial industry’s go to resource for cyber and physical threat intelligence analysis and sharing.”

The Durable Data API presents an opportunity to establish a standard for banks and third parties to share data and support open banking. Rather than screen scraping, relevant information can be isolated and exchanged, and the account holder’s consent for the data sharing can be captured, giving the user control over protecting their data. Wells Fargo and Fidelity are early adopters of the Durable Data API.

Driven by an anticipated strengthening of cyber and privacy-oriented regulations in the US, coupled with increasing consumer demand for speed and efficiency, fintech solutions will continue to evolve, in the process creating financial data exchanges and other innovations. The result will be not just improvements in efficiency and protection of privacy, but also a reduction in manual paper-based processes and, consequently, more accurate data and a reduction in risk.

Link to the Durable Data API press release:
https://www.fsisac.com/article/fs-isac-enables-safer-financial-data-sharing-api
