eMoney’s API Transition

In today’s changing security landscape, we’re moving toward API-based aggregation methods for several reasons:

• Recent high-profile data breaches reinforce the importance of modern data security. API-based aggregation is a safer way to protect sensitive client information.
• The concept of shifting from screen scraping to APIs has been a topic of interest for financial institutions for some time, and we expect other institutions to make similar announcements following Fidelity’s.
• APIs will enhance the user experience. With traditional screen scraping methods, a client’s access to their data may be disrupted by changes to their password, or changes an institution makes to its website, which may require screen scraping logic to be adjusted. By aggregating data through APIs, clients have more reliable access to their data as they are not impacted by institution changes like these.

eMoney is in the process of creating and testing an API for joint eMoney-Fidelity clients. Once complete, eMoney will work with institutions that have APIs created and introduce this new approach to clients and prospects later in 2018.

For the time being, we will continue to scrape sites that don’t block access via screen scraping. As the industry evolves and APIs become more readily available, we plan to migrate to an API-based aggregation model for all institutions that have APIs and are willing to share them with us.

Our approach to screen scraping currently has many levels of security in place. We will continue to test our security by conducting frequent security scans and audits on our system, so we can stay ahead of potential new security threats.

eMoney will work with any API that an institution can provide, so there is no requirement on them to conform to the standard API. However, if the institution is unable to provide an API, eMoney will continue to screen scrape.

Following Fidelity’s lead, we reinforce our commitment to enhancing security practices by limiting screen scraping. In today’s climate, especially after the recent high-profile data breaches, it’s a risk not to invest in technology – like APIs – that protects client data. Although it will not happen immediately, working with our clients and partners to implement API strategies will deliver the safest and most positive client experience, hopefully resulting in more financial institutions adopting the practice.

We will work with Select partners to ensure they can easily and seamlessly adopt our updated data standards within a reasonable timeframe.

While this transition will take place gradually over the coming months, the release of Fidelity Access^SM will impact advisors’ clients who hold Fidelity accounts. These clients will eventually need to grant eMoney access to their Fidelity account data through Fidelity Access^SM. To ensure a smooth transition, clients can authorize eMoney to access their data directly from the Client Portal, and will not be required to visit multiple platforms to do so. During this time, we will keep advisors informed of any action items, and will offer messaging and resources to assist in communicating to the client.

The goal is a seamless transition with no impact to advisors and clients, but we cannot guarantee that for every case. We will learn what challenges may arise during testing and work to fix them ahead of implementation.

Nothing is immediately changing for clients who hold Fidelity accounts, however they will eventually need to grant eMoney access to their Fidelity account data through Fidelity Access^SM. To ensure a smooth transition, clients can authorize eMoney to access their data directly from the Client Portal, and will not be required to visit multiple platforms to do so. Additionally, the rollout of Fidelity Access^SM will take place gradually in 2018. During this time, we will keep advisors informed of any action items, and will offer messaging and resources to assist in communicating to the client.

As the release of Fidelity Access^SM is gradually rolled out, we’ll make sure advisors are aware of potential impacts and action required well in advance. Expect to hear from us via email, on your Financial Feed, on the eMoney blog and via social media.

As other institutions announce similar initiatives in the future, we’ll reach out ahead of any action required to ensure advisors have enough time to discuss with clients. This is part of our ongoing commitment to use some of the most secure means possible to aggregate clients’ data.

We’ll also provide materials to help guide your conversations with clients throughout this transition. Additionally, Advisor Branded Marketing subscribers will have the ability to send these directly through the application.

As more information becomes available, we’ll continue to help guide our advisors’ conversations and communicate action items with clients with materials like sample email templates, print pieces, relevant articles, etc. Advisor Branded Marketing subscribers can also leverage relevant articles and print materials, and can distribute suggested content directly through the Advisor Branded Marketing platform.

In addition, we are exploring other communications methods, such as initiating in-app messaging on the Client Website when action is required in the future.

We recommend advisors start initiating conversations about the evolution of data aggregation well before action is required.

Though a date has not been determined, we expect this transition to take place sometime in 2018. We will provide advisors enough lead time to properly prepare their clients to help ensure a smooth transition.

While a release date has not yet been determined, we encourage advisors who have clients holding Fidelity accounts to set expectations with their clients early. To get a head start, take advantage of our client email template and client-facing Guide to Data Aggregation.

We expect a quick and seamless transition for clients. While nothing is immediately changing for clients who hold Fidelity accounts, they will eventually need to grant eMoney access to their Fidelity account data through Fidelity Access^SM. Clients will not be required to navigate from the Client Website to their Fidelity platform. More information around these steps will be communicated once it’s available.

The goal is to have all Facts within the connection transitioned to the API without disruption. Manual data entry is not anticipated.

No, unlinking and relinking accounts will not be required. Clients may, however, have to reauthorize their accounts at the institution level. More information and action items will be communicated when it is available.

We do not expect account history to be lost. We will confirm as more information is available.

When joint end-investor clients log into eMoney after Fidelity Access^SM goes live, they will see a “Needs Credentials” Connections message and be prompted to re-authorize access to their Fidelity account data. If they do not authorize access, their accounts will stop updating until permission to Fidelity account data has been granted.

Clients who hold accounts with Fidelity will be the first to move from screen scraping to an API in the eMoney system. Testing is underway, but the ideal transition will be seamless and will not disrupt advisors or clients regardless of which financial institutions they are affiliated.

Fidelity Access^SM provides a convenient and more secure way for customers, retirement plan participants and financial advisors’ clients to see their Fidelity account information, such as balances and holdings, on other financial websites and applications. With Fidelity Access^SM, customers, retirement plan participants and financial advisors’ clients will no longer be asked by non-Fidelity websites and applications to provide their Fidelity log-in credentials in order to see their Fidelity account information. Instead, when customers or participants choose to access their Fidelity account information through another financial website or application that participates in Fidelity Access^SM – like eMoney – they will be automatically linked to Fidelity and can then authorize Fidelity to provide that website or application access to their Fidelity account information. Once Fidelity receives that authorization, Fidelity Access^SM will allow that website or application to access their Fidelity account information through a secure connection.

Fidelity strongly supports their customers’ right to access their financial account information and recognizes that customers use third-party financial websites and applications like eMoney. In light of recent major data breaches, Fidelity Access^SM was created as part of Fidelity’s commitment to protecting its customers and delivering a great customer experience. As technology evolves, both Fidelity and eMoney look for ways to enhance the range of safeguards and multiple layers of security we have in place to protect account and customer information.

Data aggregation is the process of gathering digital information from a variety of separate sources to combine the data into a unified set. eMoney has a built-in aggregation engine that automatically pulls financial account information, such as account balances and holdings, into our platform. eMoney is an industry leader in data aggregation, having performed this service safely and securely for years. Most of our clients rely on eMoney for this service. While other companies sell and repurpose the data they acquire – we do not sell client data and never will. eMoney only uses client data to provide services to the advisors and clients who enable it.

Screen scraping is a common method used in the data aggregation process, and refers to the collection and transfer of data from one application to another. It currently requires clients to submit their log-in credentials for third-party institutions into eMoney to collect data. Within the eMoney system, thousands of clients connect their accounts from financial institutions to the eMoney Client Portal, granting eMoney access to their data. Once eMoney is granted access to the third-party institution’s website, we’re able to “scrape” or copy financial data and display a read-only version in our application. This gives advisors and clients a holistic view of the client’s financial picture. This up-to-date account and investment data helps the client’s advisor develop a financial plan and deliver advice based on real-time insights.

Granting account access to third parties means you’re entrusting that company to protect your log-in credentials. By eliminating screen scraping and using an API approach to acquire data, clients gain more control over who has access to their credentials, and who can access their data.

An API – or Application Program Interface – specifies how software components should interact and send requests and responses to one another. An interface such as this makes it easier for technology developers to understand the programming of an application they do not own, helping them build more secure connections. APIs allow end-users to complete actions without having to go back and forth between two websites.

APIs offer a more secure way to collect and copy client data because they do not require access to log-in credentials or access to third-party websites, which means no transactions can be made. Think of APIs as offering “view only” access to account data.

With traditional screen scraping methods, a client’s access to their data may be disrupted by changes to their password, or changes an institution makes to its website, which may require screen scraping logic to be adjusted. By aggregating data through APIs, clients have more reliable access to their data as they are not impacted by institution changes like these.

The government has increasingly emphasized the importance of data security, stressing the need for consumers to have clear access to their data, protection around their sensitive information, and knowledge of how their data is being used. API-based aggregation makes it easier to address those concerns because it does not require sharing of usernames and passwords and allows consumers to select which institutions can access their data.

We expect other institutions to gradually move towards API-based aggregation methods, as they are generally accepted as safer for the end-consumer. eMoney will continue to work with them to make APIs available and communicate any action items to affected users.

This concept of shifting from screen scraping to APIs has been a topic of interest for financial institutions for some time. Fidelity just happens to be the one leading the charge with the announcement of Fidelity Access^SM. Fidelity and eMoney strongly support clients’ rights to access their financial account information in a variety of ways. And we believe it should be done in the most secure way.