On August 22, 2018, The Clearing House issued a report concerning fintech apps and data privacy. The report notes how fintech apps have experienced a rapid rise in popularity in recent years, in large part because they provide solutions “designed to be simple, fast and accessible via smartphones and tablets,” but that they also pose certain data privacy risks. To better understand consumer perceptions and awareness of third-party personal and financial data collection, The Clearing House conducted a survey of more than 2,000 U.S. banking consumers and oversampled to reach 1,500 fintech users in the first quarter of this year.
Key findings from the survey include:
- One-third of U.S. banking consumers use at least one fintech app. Apps for personal financial management and budgeting/saving are the most popular services, followed by investment services and robo-advisors as well as lending services.
- Nearly nine in ten consumers said they are concerned about data privacy and data sharing—and two-thirds are very or extremely concerned. Consumers’ concerns about privacy extend to practically all types of financial and personally identifiable information (e.g., payment information, financial history, bank account username and password, Social Security numbers).
- Consumers want to be able to control access to their information. A majority of respondents said they would like to determine which of their financial accounts and data types can be accessed by a third party. Consumers stated that their preferred mechanisms for exercising control over third-party access to their data would be a permissions dashboard that they can access through their primary bank or within the fintech apps they use.
- Most fintech app users believe they understand and can control how their data is accessed, collected, used and shared by third parties, but consumers’ actual awareness of fintech data aggregation practices is often less. Less than half of fintech users surveyed believe these apps can access their personally identifiable information or financial information and history—even though they often can (and do). In addition, consumers also have different understandings on how long fintech apps have access to their information. Fintech users over the age of 45 were more likely to say they did not know how long their data would be accessible, and more likely to say that their data is always accessible. Younger consumers, however, disproportionately believe their data is not accessible after closing a fintech app. After being told that many fintechs, as part of their terms and conditions, gain consent from consumers to use their data for purposes other than operating the app itself, nearly half of fintech users surveyed said they are now less likely to use these services.
- Banks are viewed as the most trusted provider of data security—and are expected to safeguard their customers’ personal information. One way in which banks can meet consumers’ expectations is by providing educational materials about how fintech apps access, store, use and share consumer data.
According to The Clearing House, these findings “underscore the need for collaborative action to ensure that the personal and financial information accessed by third parties is being handled securely and consumers’ expectations for data security are being met. The financial services ecosystem is built on trust between consumers and companies; failure to live up to consumers’ expectations and keep their information safe puts that trust at risk. There is a need for a concerted effort by all stakeholders— including banks, fintechs, data aggregators, regulators, and consumers—to ensure data security.”
The report provides the following three recommendations:
- Further efforts to expand consumer awareness about how fintech apps access, collect, store, use and share users’ personal and financial data;
- Greater collaboration among industry stakeholders on principles, guidelines, and technical standards to govern the access, collection, use, storage, and sharing of consumer data in the financial services ecosystem; and
- Broader use of secure application programming interfaces (APIs) within the financial services ecosystem.
“As consumers are increasingly using fintech apps, we need to make sure their financial information is being accessed safely. Banks and fintechs need to work together to develop more secure methods for consumer-controlled data sharing,” stated Dave Fortney, executive vice president, product development and management, at The Clearing House.
The Clearing House is currently collaborating with banks, regulators, fintech app providers and technology companies on the topics of secure financial data sharing, controls and data privacy. Later this year, The Clearing House will announce additional steps intended to promote the safety, security and transparency of consumer data sharing.