Consumers want choice, but rarely does it mean they choose one institution for all their financial services needs. More often than not, each consumer has an eclectic mix of different tools they use from different financial services institutions (FSIs). This is especially true in the age of prolific and growing FinTech offerings. Consumers now have more choices than they’ve ever had before, and it is reshaping the financial services sector.
FSIs are adapting to consumer needs for seamless integration between their traditional accounts and the smorgasbord of FinTech apps, and as FinTech popularity grows, the importance of APIs and FinTech data aggregators is growing with it.
This new and exciting frontier in financial services is leading to better overall experiences for consumers, and even strengthening value propositions through synergies for legacy organizations and FinTechs alike.
Unfortunately, this increasingly complex ecosystem is showing new cracks in traditional cyber defenses, and criminals are ready to pounce. Thus, new security efforts must be taken into consideration, not only for the financial institution and the FinTech data aggregator, but for the customer in the middle as well.
FinTech Explosion and Implications
Per the State of FinTech report by CB Insights, global FinTech funding more than doubled to reach a record $132B in 2021. This growth is a clear sign of the more prominent role nontraditional financial services offerings are playing for consumers.
Financial services executives are taking notice as they face loyal customers choosing FinTech apps for specific requirements over their comparable digital offering. This especially stings for many in the financial sector after years of investing in developing consumer-first apps that really have captured best-in-class digital experience status. However, many FSIs are now partnering with or acquiring FinTechs strategically, since individual FinTechs often serve a niche customer need traditional FSIs don’t necessarily focus on.
APIs and FinTech Data Aggregators Grow in FinServ
The fast, flexible, and secure financial services support on an anytime, anywhere basis that consumers demand can no longer be handled by HTTP, the protocol on which the Internet was founded. Instead, APIs are playing a critical role connecting traditional FSIs with FinTech apps. This is not a trend but the new reality in modern times. Between 2020 and 2021, major financial institutions, like Citi and Wells Fargo, reported billions of API calls since launching their API connectivity platforms.
Simultaneously, FinTech data aggregators have recently seen significant growth and adoption. No longer merely the personal finance management tools they were at inception 20 years ago, they have evolved toward helping provide much-needed connectivity between FinTechs and traditional FSIs.
FinTech data aggregators streamline open banking offerings, allowing FSI customers the freedom to choose from a wide selection of apps, all while creating new revenue and intel streams by opening their business to APIs. So, it’s even more than a win-win. It’s a win-win-win. FSIs are happy. Their customers are happy. And the FinTech data app community is happy. These key solutions are reimagining the rich and diverse connection possibilities between account holders, FinTech apps, and FSIs.
Potential Challenges Associated with FinTech Data Aggregators
FinTech data aggregators have helped add tremendous value to a flourishing modern financial sector ecosystem—like accelerating customer onboarding and providing the right connectivity for Venmo payments—but they do come with serious challenges that should not be overlooked.
Since service, security, and trust are more important than ever in financial services, when evaluating FinTech data aggregators it is crucial to review and understand the associated risks. Here are four key considerations:
- Mitigating aggregator risk is a subset of bot defense—if you can’t identify and defend against bots, you won’t be able to identify and manage aggregators. Make sure you have the right bot defense solution in place, first and foremost.
- The goal for any business should be to get all automation off of consumer login portals for web and mobile and onto a dedicated API gateway.
- If you allow aggregators to access accounts via a consumer login flow, they will have unrestricted access to do anything within that account unless you’re able to identify and restrict their activity. An API gateway allows the business to better restrict what data and actions are available to a 3rd party, but remember that many 3rd parties will only use an API if they’re forced to.
- Credential stuffing via an aggregator is absolutely a thing you need to be worried about. You need to be tracking behavior over time: number of unique accounts being accessed by the aggregator, and the overall login success rate (i.e., 98%+). If those numbers start fluctuating significantly, you’re under attack.
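The tracking described in the last item can be sketched as follows. This is an added example, not code from the original article: it assumes login events are already labelled with their source (here a hypothetical aggregator id `agg-A`, as a bot defense layer might tag it), and the event tuples, window size and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

def sample_events():
    """Constructed events: (hour, source, account_id, login_succeeded)."""
    events = []
    for hour in range(6):  # normal traffic: 50 known accounts, 98% success
        events += [(hour, "agg-A", f"acct-{i}", i != 0) for i in range(50)]
    # hour 6: 400 previously unseen accounts, only 10% of logins succeed
    events += [(6, "agg-A", f"new-{i}", i % 10 == 0) for i in range(400)]
    # hour 7: traffic returns to normal
    events += [(7, "agg-A", f"acct-{i}", i != 0) for i in range(50)]
    return events

def hourly_metrics(events, source):
    """Per hour, return (unique accounts attempted, login success rate)."""
    accounts, ok, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for hour, src, account, succeeded in events:
        if src != source:
            continue
        accounts[hour].add(account)
        total[hour] += 1
        ok[hour] += succeeded
    return {h: (len(accounts[h]), ok[h] / total[h]) for h in sorted(total)}

def flag_anomalies(metrics, warmup=4, acct_factor=3.0, rate_drop=0.10):
    """Compare each hour with the mean of the last `warmup` unflagged hours."""
    clean, alerts = [], []
    for hour in sorted(metrics):
        accts, rate = metrics[hour]
        if len(clean) >= warmup:
            base_accts = mean(a for a, _ in clean[-warmup:])
            base_rate = mean(r for _, r in clean[-warmup:])
            reasons = []
            if accts > acct_factor * base_accts:
                reasons.append("unique-account spike")
            if rate < base_rate - rate_drop:
                reasons.append("success-rate drop")
            if reasons:
                alerts.append((hour, accts, round(rate, 2), reasons))
                continue  # keep flagged hours out of the baseline
        clean.append((accts, rate))
    return alerts

if __name__ == "__main__":
    for alert in flag_anomalies(hourly_metrics(sample_events(), "agg-A")):
        print(alert)
```

Flagged hours are excluded from the baseline so that a sustained attack does not gradually become the new normal.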
Meet Account Holder Demands While Mitigating Risk
Consumers have never had so many choices for improving their financial lives. Ease of use and powerful insights are now at the fingertips of so many. FSIs that are properly embracing the element of consumer choice in a modern financial services ecosystem through FinTech data aggregators and APIs will have a leg up on the competition, but new associated cyber risks must be properly evaluated and addressed.