JPMorgan Chase, Envestnet l Yodlee Sign Agreement to Increase Customers’ Control of Their Data
Customers will know exactly what they’re sharing, from which accounts, and with whom
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20191205005462/en/
“This will help our customers manage exactly who they give their information to, and understand how their information will be used,” said
With this new agreement, Envestnet I Yodlee is committing to send 100% of its requests for Chase customer data through the bank’s secure API, or application programming interface. This will ensure the apps can receive Chase customer data they need while customers control what’s shared with whom.
“Our partnership with Chase will allow further consumer choice, reliability, and insight into how and where their data is being used, along with improved overall financial well-being,” said
Because the secure API uses a token-based approach, customers will no longer need to give out their username and password – confidential credentials that should always be treated with the utmost care.
Chase now has signed data agreements with a number of leading aggregators and fintechs, including Finicity and Intuit, maker of TurboTax, QuickBooks and Mint.
In the AccountSafeSM dashboard available in the Chase Mobile app and on chase.com, customers can see every financial app that is retrieving their data through the secure API -- including
“In the future, we will require all these requests for our customers’ information to come through the secure API,” Wallace said. “Our customers deserve that protection and control.”
How the secure API works to protect Chase customers
A Chase customer finds an app, advisor or financial institution they would like to use, and it’s easier and safer for them to share their Chase data electronically through the secure API.
The app uses a company such as Intuit or
Envestnetl Yodlee to connect the customer directly to a secure Chase page. There, the customer enters their Chase username and password, and the company doesn’t see or retain that confidential information.
- The customer provides their consent to share data with that particular app. The consumer clearly sees what kind of information will be shared and can decide which accounts to share with that app.
- Using token-based security in the secure API, Chase shares only the type of information the app or institution needs, such as balances, transactions or the last four digits of an account number and only from the accounts specified by the customer.
- The app or institution uses the data to help the customer make smart decisions about their money.
- Using AccountSafeSM on the Chase Mobile app and chase.com, the customer sees which apps or institutions are now linked to their accounts. The customer can cancel access for each app or institution at any time.
“Data aggregation through an API rather than screen scraping can not only enhance security for apps that access consumers' bank account data but also can be used to give consumers critical control over access to that data and a simple mechanism to turn it off," said
Chase is the U.S. consumer and commercial banking business of