Banks Duke It Out With Personal Financial Sites Over Information Sharing; Wells Takes A Collaborative Step

Wells Fargo's servers and Xero's servers will use a unique token to complete the information transfer without the password being shared, the companies said.

...

Last fall, big banks including J.P. Morgan Chase & Co., Bank of America Corp. and Wells Fargo temporarily limited the flow of information to some websites and mobile applications that aggregate consumer financial data.

Banks' concerns stem from customers sharing bank passwords with the personal-finance sites. Once the sites have access to the passwords, they frequently seek new information from the banks' sites, often without the customer being involved.

Popular finance sites such as Mint, owned by Intuit Inc., and Quicken Inc. use bank information such as account balances to give their users an up-to-date personal financial snapshot.

Quicken and Xero, meanwhile, perform a similar service for small businesses, tracking payments, tax filings and accounts across one or more financial institutions.

The frequent requests however have created problems for banks. J.P. Morgan Chief Executive James Dimon wrote in his annual shareholder letter in April that customers allowing payment companies, aggregators, financial planners and others access to their bank account information "warrants special attention."

He said J.P. Morgan analyzed many of the contracts these third parties use and found more information is taken than the third party needs to do its job.

"We simply are asking third parties to limit themselves to what they need in order to serve the customer and to let the customer know exactly what information is being used and why and how," Mr. Dimon wrote.

Other financial firms have warned their customers off giving their usernames and passwords to such sites, saying such sharing could lead to cybersecurity threats. Banks also said the frequent requests for account information had slowed down their websites.