As the national conversation about protecting data from digital threats continues, we’re constantly reevaluating how to meet the highest standards of data security. You may have heard about the Consumer Financial Protection Bureau’s initiatives underway to offer consumers more control over who can access their data and protection around their sensitive information.
To support this movement, Fidelity announced the release of Fidelity AccessSM — an API-based aggregation method that gives end-clients more control over how their financial data is used.
As you know, eMoney aggregates data on behalf of our clients. And while our current aggregation methods follow industry best practices, we are always looking for ways to provide even greater peace of mind to advisors and their clients. It’s with this goal in mind, that we will begin to implement an API-based aggregation strategy.
Although clients who hold Fidelity accounts will be the first to experience the transition to an API via Fidelity AccessSM, we expect other financial institutions to adopt the API model in the near future.
While this transition will not go into effect immediately, there are a few important points to note regarding how you and your clients use eMoney.
Watch a recording of our API Transition webinar with CEO, Ed O’Brien to get the full story on our upcoming API-based aggregation methodology.
With other questions about our upcoming initiative, check out our Frequently Asked Questions below.
In today’s changing security landscape, we’re moving toward API-based aggregation methods for several reasons:
eMoney is in the process of creating and testing an API for joint eMoney-Fidelity clients. Once complete, eMoney will work with institutions that have APIs created and introduce this new approach to clients and prospects later in 2018.
For the time being, we will continue to scrape sites that don’t block access via screen scraping. As the industry evolves and APIs become more readily available, we plan to migrate to an API-based aggregation model for all institutions that have APIs and are willing to share them with us.
Our approach to screen scraping currently has many levels of security in place. We will continue to test our security by conducting frequent security scans and audits on our system, so we can stay ahead of potential new security threats.
eMoney will work with any API that an institution can provide, so there is no requirement on them to conform to the standard API. However, if the institution is unable to provide an API, eMoney will continue to screen scrape.
Following Fidelity’s lead, we reinforce our commitment to enhancing security practices by limiting screen scraping. In today’s climate, especially after the recent high-profile data breaches, it’s a risk not to invest in technology – like APIs – that protects client data. Although it will not happen immediately, working with our clients and partners to implement API strategies will deliver the safest and most positive client experience, hopefully resulting in more financial institutions adopting the practice.
We will work with Select partners to ensure they can easily and seamlessly adopt our updated data standards within a reasonable timeframe.
While this transition will take place gradually over the coming months, the release of Fidelity AccessSM will impact advisors’ clients who hold Fidelity accounts. These clients will eventually need to grant eMoney access to their Fidelity account data through Fidelity AccessSM. To ensure a smooth transition, clients can authorize eMoney to access their data directly from the Client Portal, and will not be required to visit multiple platforms to do so. During this time, we will keep advisors informed of any action items, and will offer messaging and resources to assist in communicating to the client.
The goal is a seamless transition with no impact to advisors and clients, but we cannot guarantee that for every case. We will learn what challenges may arise during testing and work to fix them ahead of implementation.
Nothing is immediately changing for clients who hold Fidelity accounts, however they will eventually need to grant eMoney access to their Fidelity account data through Fidelity AccessSM. To ensure a smooth transition, clients can authorize eMoney to access their data directly from the Client Portal, and will not be required to visit multiple platforms to do so. Additionally, the rollout of Fidelity AccessSM will take place gradually in 2018. During this time, we will keep advisors informed of any action items, and will offer messaging and resources to assist in communicating to the client.
As the release of Fidelity AccessSM is gradually rolled out, we’ll make sure advisors are aware of potential impacts and action required well in advance. Expect to hear from us via email, on your Financial Feed, on the eMoney blog and via social media.
As other institutions announce similar initiatives in the future, we’ll reach out ahead of any action required to ensure advisors have enough time to discuss with clients. This is part of our ongoing commitment to use some of the most secure means possible to aggregate clients’ data.
We’ll also provide materials to help guide your conversations with clients throughout this transition. Additionally, Advisor Branded Marketing subscribers will have the ability to send these directly through the application.
As more information becomes available, we’ll continue to help guide our advisors’ conversations and communicate action items with clients with materials like sample email templates, print pieces, relevant articles, etc. Advisor Branded Marketing subscribers can also leverage relevant articles and print materials, and can distribute suggested content directly through the Advisor Branded Marketing platform.
In addition, we are exploring other communications methods, such as initiating in-app messaging on the Client Website when action is required in the future.
We recommend advisors start initiating conversations about the evolution of data aggregation well before action is required.
Though a date has not been determined, we expect this transition to take place sometime in 2018. We will provide advisors enough lead time to properly prepare their clients to help ensure a smooth transition.
While a release date has not yet been determined, we encourage advisors who have clients holding Fidelity accounts to set expectations with their clients early. To get a head start, take advantage of our client email template and client-facing Guide to Data Aggregation.
We expect a quick and seamless transition for clients. While nothing is immediately changing for clients who hold Fidelity accounts, they will eventually need to grant eMoney access to their Fidelity account data through Fidelity AccessSM. Clients will not be required to navigate from the Client Website to their Fidelity platform. More information around these steps will be communicated once it’s available.
The goal is to have all Facts within the connection transitioned to the API without disruption. Manual data entry is not anticipated.
No, unlinking and relinking accounts will not be required. Clients may, however, have to reauthorize their accounts at the institution level. More information and action items will be communicated when it is available.
We do not expect account history to be lost. We will confirm as more information is available.
When joint end-investor clients log into eMoney after Fidelity AccessSM goes live, they will see a “Needs Credentials” Connections message and be prompted to re-authorize access to their Fidelity account data. If they do not authorize access, their accounts will stop updating until permission to Fidelity account data has been granted.
Clients who hold accounts with Fidelity will be the first to move from screen scraping to an API in the eMoney system. Testing is underway, but the ideal transition will be seamless and will not disrupt advisors or clients regardless of which financial institutions they are affiliated.
Fidelity AccessSM provides a convenient and more secure way for customers, retirement plan participants and financial advisors’ clients to see their Fidelity account information, such as balances and holdings, on other financial websites and applications. With Fidelity AccessSM, customers, retirement plan participants and financial advisors’ clients will no longer be asked by non-Fidelity websites and applications to provide their Fidelity log-in credentials in order to see their Fidelity account information. Instead, when customers or participants choose to access their Fidelity account information through another financial website or application that participates in Fidelity AccessSM – like eMoney – they will be automatically linked to Fidelity and can then authorize Fidelity to provide that website or application access to their Fidelity account information. Once Fidelity receives that authorization, Fidelity AccessSM will allow that website or application to access their Fidelity account information through a secure connection.
Fidelity strongly supports their customers’ right to access their financial account information and recognizes that customers use third-party financial websites and applications like eMoney. In light of recent major data breaches, Fidelity AccessSM was created as part of Fidelity’s commitment to protecting its customers and delivering a great customer experience. As technology evolves, both Fidelity and eMoney look for ways to enhance the range of safeguards and multiple layers of security we have in place to protect account and customer information.
Data aggregation is the process of gathering digital information from a variety of separate sources to combine the data into a unified set. eMoney has a built-in aggregation engine that automatically pulls financial account information, such as account balances and holdings, into our platform. eMoney is an industry leader in data aggregation, having performed this service safely and securely for years. Most of our clients rely on eMoney for this service. While other companies sell and repurpose the data they acquire – we do not sell client data and never will. eMoney only uses client data to provide services to the advisors and clients who enable it.
Screen scraping is a common method used in the data aggregation process, and refers to the collection and transfer of data from one application to another. It currently requires clients to submit their log-in credentials for third-party institutions into eMoney to collect data. Within the eMoney system, thousands of clients connect their accounts from financial institutions to the eMoney Client Portal, granting eMoney access to their data. Once eMoney is granted access to the third-party institution’s website, we’re able to “scrape” or copy financial data and display a read-only version in our application. This gives advisors and clients a holistic view of the client’s financial picture. This up-to-date account and investment data helps the client’s advisor develop a financial plan and deliver advice based on real-time insights.
Granting account access to third parties means you’re entrusting that company to protect your log-in credentials. By eliminating screen scraping and using an API approach to acquire data, clients gain more control over who has access to their credentials, and who can access their data.
An API – or Application Program Interface – specifies how software components should interact and send requests and responses to one another. An interface such as this makes it easier for technology developers to understand the programming of an application they do not own, helping them build more secure connections. APIs allow end-users to complete actions without having to go back and forth between two websites.
APIs offer a more secure way to collect and copy client data because they do not require access to log-in credentials or access to third-party websites, which means no transactions can be made. Think of APIs as offering “view only” access to account data.
With traditional screen scraping methods, a client’s access to their data may be disrupted by changes to their password, or changes an institution makes to its website, which may require screen scraping logic to be adjusted. By aggregating data through APIs, clients have more reliable access to their data as they are not impacted by institution changes like these.
The government has increasingly emphasized the importance of data security, stressing the need for consumers to have clear access to their data, protection around their sensitive information, and knowledge of how their data is being used. API-based aggregation makes it easier to address those concerns because it does not require sharing of usernames and passwords and allows consumers to select which institutions can access their data.
We expect other institutions to gradually move towards API-based aggregation methods, as they are generally accepted as safer for the end-consumer. eMoney will continue to work with them to make APIs available and communicate any action items to affected users.
This concept of shifting from screen scraping to APIs has been a topic of interest for financial institutions for some time. Fidelity just happens to be the one leading the charge with the announcement of Fidelity AccessSM. Fidelity and eMoney strongly support clients’ rights to access their financial account information in a variety of ways. And we believe it should be done in the most secure way.
Questions about the latest Vault enhancements? Send us an email or call us at 888-362-8482.