Julie Rogers/Zuma Press
Updated Nov. 9, 2015 7:47 p.m. ET
Bank of America Corp.
is among a number of financial firms to temporarily cut off the flow of information to some websites and mobile applications that aggregate consumer financial data, according to people familiar with the matter.
The bank’s move reflects the rising tension between Wall Street and technology firms over these services, which are popular with consumers and a cause of concern for banks. Several banks have recently posted warnings on their websites discouraging customers from dealing with these financial aggregators.
“This is a shot across the bow from banks,” said Michael Kitces, director of planning research at Pinnacle Advisory Group Inc., which offers wealth-management services.
Consumers in recent years have flocked to aggregator sites in particular as a way to monitor numerous financial relationships in one place. In the past five years, the number of users on aggregator Mint.com rose more than sixfold to 20 million, according to the company.
While the banks have an interest in protecting their turf and not sharing customers with tech-savvy upstarts, they have also raised concerns that the aggregator sites may threaten consumers’ account security and the performance of bank websites. Banks said they are within their rights to block or slow customers’ access to their own financial data.
Banks are in part responding to a surge in venture-capital investment in personal finance startups, many of which aim to lure customers from banks or at least make it easier for consumers to shop among banks and startups for the best price or services.
Consumer banking and retail investing startups have raised $673 million globally so far in 2015, the most since the dot-com peak in 2000, according to Dow Jones VentureSource.
Consumers and industry executives have reported a number of incidents in recent months that disrupted services to various aggregator sites.
The rivalry came to a head in recent weeks when J.P. Morgan restricted customers of Mint.com and Quicken, two popular products of Intuit Inc.,
from seeing information about the customers’ own bank accounts through the Intuit products, according to the Mountain View, Calif., financial-information company.
A spokeswoman for Intuit said “security is central to everything we do. This includes continuously strengthening online account security and data transmission for all our offerings, including Mint, to safeguard customers’ information.”
San Francisco-based Digit.co, an aggregator that tracks customers’ balances and automatically shifts a portion to a savings account as directed by the customer, said in an Oct. 27, blog post that it was having “intermittent connection issues” with some users who bank with J.P. Morgan.
The issues affected Digit’s ability to report checking account balances and to transfer some of the consumer’s money into savings. The outage has since been resolved, Digit said Friday.
“We know that our customers love these apps, so we’re working with the providers to make these interactions more secure,” a J.P. Morgan spokeswoman said in an email. “But in the meantime, we want our customers to realize that they may be trading account security for convenience when handing over their password” to third-party sites.
J.P. Morgan Chairman and CEO James Dimon has publicly complained about the rise of the aggregator sites and the implications for data security.
Wells Fargo added an additional level of security to its accounts last month that a bank spokesman said “may inadvertently impact the ability of financial aggregators to gather customer information.”
Bank of America’s action dates to July, when the firm took steps that led to at least two aggregators being shut out, according to people familiar with the matter. One of the aggregators was shut out for about four hours, the people said.
“Our highest priority is to serve our customers in a secure manner across the various channels we provide to them directly,” said a Bank of America spokesman. “We actively manage any trade-offs needed to ensure this.”
The recent snafus have frustrated at least some customers at aggregators. The recent Digit interruption with J.P. Morgan “threw my financial life in disarray,” said Henry Yeh, a systems engineer from San Francisco who is a customer of both companies. “I’m someone who places complete faith in technology to make smarter decisions than I would.”
“Banks might say they own the data, but they’re my transactions,” said John Luciano, founder of Aqumulate, an aggregation service for financial advisers. “Who are they to say I can’t view them over here?”
A banking-industry group said Monday that it is developing security guidelines that it wants financial aggregators to follow.
The recommendations, set to be released this month, would aim to get aggregators to use more of security practices that banks use. “Clearly, there is convenience here for consumers, but let’s make sure the data is secure,” said Bill Nelson, chief executive of the group, known as FS-ISAC.
“Aqumulate utilizes the same security measures that the big banks do,” said Mr. Luciano.
The view from some banks is that if a customer willingly provides passwords and login information, whether to a friend or aggregator, the bank wouldn’t be on the hook if that account lost money through a hack. No aggregator has been the victim of a known major data breach.
To collect information seamlessly, aggregators often require that customers turn over bank-account passwords. Banks including J.P. Morgan, Capital One Financial Corp.
and Fifth Third Bancorp
have warned customers that such sharing could be a security risk.
Aggregators “may be smaller startup companies that do not have sophisticated security and fraud teams,” noted Fifth Third on its website. Capital One, which is one of the largest credit-card issuers in the U.S., told customers in a notice on its website: “If you choose to share account access information with a third-party, Capital One is not liable for any resulting damages or losses.”
A Capital One spokeswoman said, “We have that language in place for security reasons. We may need to block access to a specific aggregator if they experience a data security issue in order to protect our customers and their information.”
Fifth Third declined to comment.
—Robin Sidel and Telis Demos contributed to this article.
This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.