As the national conversation about protecting data from digital threats continues, we’re constantly reevaluating how to meet the highest standards of data security. You may have heard about the Consumer Financial Protection Bureau’s initiatives underway to offer consumers more control over who can access their data and protection around their sensitive information.
To support this movement, Fidelity announced the release of Fidelity AccessSM — an API-based aggregation method that gives end-clients more control over how their financial data is used.
As you know, eMoney aggregates data on behalf of our clients. And while our current aggregation methods follow industry best practices, we are always looking for ways to provide even greater peace of mind to advisors and their clients. It’s with this goal in mind, that we will begin to implement an API-based aggregation strategy.
Although clients who hold Fidelity accounts will be the first to experience the transition to an API via Fidelity AccessSM, we expect other financial institutions to adopt the API model in the near future.
While this transition will not go into effect immediately, there are a few important points to note regarding how you and your clients use eMoney.
- Gradual Transition: This transition will take place gradually in the coming months – no action is required at this time.
- Ongoing Communication: We will communicate well in advance of required advisor or client action.
- Client Resources: Materials will be provided to help guide aggregation conversations with your clients.
- Smooth Transition: We expect a seamless transition with minimal disruption to you and your clients.
- Better, Safer Client Experience: The shift will ultimately give your clients greater control of their financial data and enhances their experience in the eMoney system.
Watch a recording of our API Transition webinar with CEO, Ed O’Brien to get the full story on our upcoming API-based aggregation methodology.
With other questions about our upcoming initiative, check out our Frequently Asked Questions below.
Questions on eMoney’s Initiative:
Why is eMoney moving away from screen scraping and toward API-based aggregation?
In today’s changing security landscape, we’re moving toward API-based aggregation methods for several reasons:
- Recent high-profile data breaches reinforce the importance of modern data security. API-based aggregation is a safer way to protect sensitive client information.
- The concept of shifting from screen scraping to APIs has been a topic of interest for financial institutions for some time, and we expect other institutions to make similar announcements following Fidelity’s.
- APIs will enhance the user experience. With traditional screen scraping methods, a client’s access to their data may be disrupted by changes to their password, or changes an institution makes to its website, which may require screen scraping logic to be adjusted. By aggregating data through APIs, clients have more reliable access to their data as they are not impacted by institution changes like these.
What’s the timeline to move away from screen scraping and implement APIs?
eMoney is in the process of creating and testing an API for joint eMoney-Fidelity clients. Once complete, eMoney will work with institutions that have APIs created and introduce this new approach to clients and prospects later in 2018.
Is eMoney going to stop screen scraping entirely?
For the time being, we will continue to scrape sites that don’t block access via screen scraping. As the industry evolves and APIs become more readily available, we plan to migrate to an API-based aggregation model for all institutions that have APIs and are willing to share them with us.
For institutions you will continue to scrape, what are you doing to make the scraping more secure?
Our approach to screen scraping currently has many levels of security in place. We will continue to test our security by conducting frequent security scans and audits on our system, so we can stay ahead of potential new security threats.
What happens if an institution does not move to the new API standard?
eMoney will work with any API that an institution can provide, so there is no requirement on them to conform to the standard API. However, if the institution is unable to provide an API, eMoney will continue to screen scrape.
What does eMoney plan to do to help convince financial institutions to adopt a more secure approach to allowing their data to be aggregated?
Following Fidelity’s lead, we reinforce our commitment to enhancing security practices by limiting screen scraping. In today’s climate, especially after the recent high-profile data breaches, it’s a risk not to invest in technology – like APIs – that protects client data. Although it will not happen immediately, working with our clients and partners to implement API strategies will deliver the safest and most positive client experience, hopefully resulting in more financial institutions adopting the practice.
How does this impact existing eMoney integrations with Select partners (3rd party tech solutions, for example)?
We will work with Select partners to ensure they can easily and seamlessly adopt our updated data standards within a reasonable timeframe.
Questions on the Impact to Advisors and Clients:
How will the release of Fidelity AccessSM impact advisors and clients?
While this transition will take place gradually over the coming months, the release of Fidelity AccessSM will impact advisors’ clients who hold Fidelity accounts. These clients will eventually need to grant eMoney access to their Fidelity account data through Fidelity AccessSM. To ensure a smooth transition, clients can authorize eMoney to access their data directly from the Client Portal, and will not be required to visit multiple platforms to do so. During this time, we will keep advisors informed of any action items, and will offer messaging and resources to assist in communicating to the client.
If an institution moves from screen scraping to an API, what steps do the advisors and/or clients need to do to ensure their data remains intact?
The goal is a seamless transition with no impact to advisors and clients, but we cannot guarantee that for every case. We will learn what challenges may arise during testing and work to fix them ahead of implementation.
What is the impact to clients who hold accounts accessed through Fidelity websites (e.g. Fidelity.com, NetBenefits.com, and WealthscapeInvestor.com)?
Nothing is immediately changing for clients who hold Fidelity accounts, however they will eventually need to grant eMoney access to their Fidelity account data through Fidelity AccessSM. To ensure a smooth transition, clients can authorize eMoney to access their data directly from the Client Portal, and will not be required to visit multiple platforms to do so. Additionally, the rollout of Fidelity AccessSM will take place gradually in 2018. During this time, we will keep advisors informed of any action items, and will offer messaging and resources to assist in communicating to the client.
How will advisors be notified action items for Fidelity AccessSM and any institutions that follow?
As the release of Fidelity AccessSM is gradually rolled out, we’ll make sure advisors are aware of potential impacts and action required well in advance. Expect to hear from us via email, on your Financial Feed, on the eMoney blog and via social media.
As other institutions announce similar initiatives in the future, we’ll reach out ahead of any action required to ensure advisors have enough time to discuss with clients. This is part of our ongoing commitment to use some of the most secure means possible to aggregate clients’ data.
We’ll also provide materials to help guide your conversations with clients throughout this transition. Additionally, Advisor Branded Marketing subscribers will have the ability to send these directly through the application.
How will my clients learn about of action items for Fidelity AccessSM and any institutions that follow?
As more information becomes available, we’ll continue to help guide our advisors’ conversations and communicate action items with clients with materials like sample email templates, print pieces, relevant articles, etc. Advisor Branded Marketing subscribers can also leverage relevant articles and print materials, and can distribute suggested content directly through the Advisor Branded Marketing platform.
In addition, we are exploring other communications methods, such as initiating in-app messaging on the Client Website when action is required in the future.
We recommend advisors start initiating conversations about the evolution of data aggregation well before action is required.
When will clients be required to grant access to the eMoney Client Portal through Fidelity AccessSM?
Though a date has not been determined, we expect this transition to take place sometime in 2018. We will provide advisors enough lead time to properly prepare their clients to help ensure a smooth transition.
How much time will clients have to prepare before this change goes into effect?
While a release date has not yet been determined, we encourage advisors who have clients holding Fidelity accounts to set expectations with their clients early. To get a head start, take advantage of our client email template and client-facing Guide to Data Aggregation.
How can clients with Fidelity accounts maintain their connections?
We expect a quick and seamless transition for clients. While nothing is immediately changing for clients who hold Fidelity accounts, they will eventually need to grant eMoney access to their Fidelity account data through Fidelity AccessSM. Clients will not be required to navigate from the Client Website to their Fidelity platform. More information around these steps will be communicated once it’s available.
What will happen to the Facts that are fed via the connection? Will they have to be manually entered?
The goal is to have all Facts within the connection transitioned to the API without disruption. Manual data entry is not anticipated.
Will clients need to unlink and relink their connections during this transition?
No, unlinking and relinking accounts will not be required. Clients may, however, have to reauthorize their accounts at the institution level. More information and action items will be communicated when it is available.
Will clients lose account history when moving to Fidelity AccessSM?
We do not expect account history to be lost. We will confirm as more information is available.
What will joint Fidelity-eMoney end-investor clients experience when Fidelity AccessSM goes live?
When joint end-investor clients log into eMoney after Fidelity AccessSM goes live, they will see a “Needs Credentials” Connections message and be prompted to re-authorize access to their Fidelity account data. If they do not authorize access, their accounts will stop updating until permission to Fidelity account data has been granted.
Are Fidelity clients impacted in the same way as clients of Schwab or Pershing?
Clients who hold accounts with Fidelity will be the first to move from screen scraping to an API in the eMoney system. Testing is underway, but the ideal transition will be seamless and will not disrupt advisors or clients regardless of which financial institutions they are affiliated.
Questions on Fidelity’s Initiative:
What is Fidelity AccessSM
Fidelity AccessSM provides a convenient and more secure way for customers, retirement plan participants and financial advisors’ clients to see their Fidelity account information, such as balances and holdings, on other financial websites and applications. With Fidelity AccessSM, customers, retirement plan participants and financial advisors’ clients will no longer be asked by non-Fidelity websites and applications to provide their Fidelity log-in credentials in order to see their Fidelity account information. Instead, when customers or participants choose to access their Fidelity account information through another financial website or application that participates in Fidelity AccessSM – like eMoney – they will be automatically linked to Fidelity and can then authorize Fidelity to provide that website or application access to their Fidelity account information. Once Fidelity receives that authorization, Fidelity AccessSM will allow that website or application to access their Fidelity account information through a secure connection.
Why is Fidelity doing this?
Fidelity strongly supports their customers’ right to access their financial account information and recognizes that customers use third-party financial websites and applications like eMoney. In light of recent major data breaches, Fidelity AccessSM was created as part of Fidelity’s commitment to protecting its customers and delivering a great customer experience. As technology evolves, both Fidelity and eMoney look for ways to enhance the range of safeguards and multiple layers of security we have in place to protect account and customer information.
What is data aggregation?
Data aggregation is the process of gathering digital information from a variety of separate sources to combine the data into a unified set. eMoney has a built-in aggregation engine that automatically pulls financial account information, such as account balances and holdings, into our platform. eMoney is an industry leader in data aggregation, having performed this service safely and securely for years. Most of our clients rely on eMoney for this service. While other companies sell and repurpose the data they acquire – we do not sell client data and never will. eMoney only uses client data to provide services to the advisors and clients who enable it.
What is screen scraping?
Screen scraping is a common method used in the data aggregation process, and refers to the collection and transfer of data from one application to another. It currently requires clients to submit their log-in credentials for third-party institutions into eMoney to collect data. Within the eMoney system, thousands of clients connect their accounts from financial institutions to the eMoney Client Portal, granting eMoney access to their data. Once eMoney is granted access to the third-party institution’s website, we’re able to “scrape” or copy financial data and display a read-only version in our application. This gives advisors and clients a holistic view of the client’s financial picture. This up-to-date account and investment data helps the client’s advisor develop a financial plan and deliver advice based on real-time insights.
What is the risk of screen scraping?
Granting account access to third parties means you’re entrusting that company to protect your log-in credentials. By eliminating screen scraping and using an API approach to acquire data, clients gain more control over who has access to their credentials, and who can access their data.
What is an API?
An API – or Application Program Interface – specifies how software components should interact and send requests and responses to one another. An interface such as this makes it easier for technology developers to understand the programming of an application they do not own, helping them build more secure connections. APIs allow end-users to complete actions without having to go back and forth between two websites.
Why are APIs more secure than screen scraping?
APIs offer a more secure way to collect and copy client data because they do not require access to log-in credentials or access to third-party websites, which means no transactions can be made. Think of APIs as offering “view only” access to account data.
What are other benefits of using APIs over screen scraping?
With traditional screen scraping methods, a client’s access to their data may be disrupted by changes to their password, or changes an institution makes to its website, which may require screen scraping logic to be adjusted. By aggregating data through APIs, clients have more reliable access to their data as they are not impacted by institution changes like these.
What is the government’s take on data aggregation?
The government has increasingly emphasized the importance of data security, stressing the need for consumers to have clear access to their data, protection around their sensitive information, and knowledge of how their data is being used. API-based aggregation makes it easier to address those concerns because it does not require sharing of usernames and passwords and allows consumers to select which institutions can access their data.
Are other institutions going to move towards API-based aggregation methods too?
We expect other institutions to gradually move towards API-based aggregation methods, as they are generally accepted as safer for the end-consumer. eMoney will continue to work with them to make APIs available and communicate any action items to affected users.
How are other aggregators responding to this?
This concept of shifting from screen scraping to APIs has been a topic of interest for financial institutions for some time. Fidelity just happens to be the one leading the charge with the announcement of Fidelity AccessSM. Fidelity and eMoney strongly support clients’ rights to access their financial account information in a variety of ways. And we believe it should be done in the most secure way.
Questions about the latest Vault enhancements? Send us an email or call us at 888-362-8482.