Fidelity Access℠ is an API-based account aggregation offering for Fidelity customers to grant permission to third-party financial websites and aggregation services and obtain account balances, holdings, and transaction information.
What Fidelity Access℠ is and why it matters:
- Fidelity Access℠ is a new API-based connection that enables third-party financial websites and account aggregation services to obtain information from Fidelity customer accounts, with the customer’s approval, without using customer login and password information in an attempt to “screen scrape” account information
- Who’s onboard? Fidelity Access℠ is available now (November 2017), but no large account aggregation services (other than the obvious eMoney Advisor, a Fidelity company) as of yet have disclosed or announced their adoption of the Fidelity Access℠ API
- Improved account security: Moving to API-based account aggregation reduces the number of times customers share their login credentials with third-party financial websites and aggregation services
- Expect short-term frustration: Customers who leverage third-party financial websites will need to be patient as their providers transition away from using Fidelity login credentials to the new API. All providers must first meet Fidelity’s security and access requirements before connecting via the API. It’s quite possible that multiple aggregation providers and personal financial applications will not be approved by Fidelity to leverage Fidelity Access℠
- What customers must do: All Fidelity customers will eventually have to manually enable account access to third-party financial websites using the Fidelity Access℠ dashboard when logged in to their Fidelity account
- What financial advisers must do: Financial advisers who use data aggregated from clients’ Fidelity accounts will need to instruct clients to manually enable permissions through Fidelity Access℠ to the third-party aggregation services used by the financial adviser
Fidelity Investments announced the introduction of Fidelity Access℠, a new service that allows Fidelity customers to grant account access to third-party websites and aggregation services to obtain account balances, holdings, and transaction information using an API.
With Fidelity Access℠, Fidelity joins other financial institutions such as JPMorgan Chase, Bank of America, Wells Fargo (Gateway Channel) and others that have already introduced an API for third-party account aggregation as an alternative to “screen scraping” by logging in using a customer’s online account credentials.
Ending Online Credential Sharing
Historically, investors provided their financial account login credentials to popular aggregation and personal financial management apps like Intuit’s Mint.com, Personal Capital, Betterment, Wealthfront, Learnvest, Clarity Money, Quicken and more.
These services leveraged account aggregation functionality from providers such as Yodlee, Fiserv AllData, Finicity, Aqumulate, Plaid, Quovo, Wealth Access, and Morningstar ByAllAccounts to log in to financial accounts and obtain account balances and transaction data. (See How Intuit’s account aggregation shutdown may impact the fintech solutions you use)
One problem with sharing login credentials with third-party websites is the protection of the account login information and specifically the account password. Given the rapid increase in attacks on financial institutions, including the large security breach of Equifax affecting over 140 million customers in the U.S., hackers are obtaining passwords in record numbers for a variety of online logins that they then use in brute-force attacks to compromise online financial accounts. Many customers are at risk because they do not follow good online password hygiene and reuse the same password for multiple online accounts.
Cleaner Data
A few positives emerge from an API-driven connection like Fidelity Access℠. First, account authentication and data exchange are performed using well-defined protocols. Overall, security is enhanced as Fidelity Access℠ authentication is performed using the OAuth open standard.
Second, the quality of data obtained via API is much higher than “screen scraping” since the data is transmitted using conventional API functions. Such functions clearly identify datatypes being relayed over the API, so there’s no ambiguity over what pieces of data represent a security name, security symbol, transaction date, transaction amount, or total value of a holding.
Finally, institutions like Fidelity are able to reduce the bandwidth demands for websites customers use to log in to view account information, which were never intended to be accessed in high volumes by third-party aggregators.
Instead, institutions will now be able to shift the bandwidth required for account aggregation to separate services that support access over the API and reduce the demand on public website login page access.
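The security difference between a shared password and a per-aggregator, OAuth-style grant can be shown with a small model. This is an added example, not Fidelity's API or code from the original article; the class, the scope names (taken from the data types the article lists) and the customer and aggregator names are hypothetical, and read-only scopes are an assumption.

```python
import secrets

# Hypothetical scope names, taken from the data types the article lists.
READ_SCOPES = {"balances", "holdings", "transactions"}

class DelegatedAccess:
    """Toy model of an institution's per-aggregator grant dashboard."""
    def __init__(self):
        self._grants = {}  # token -> (customer, aggregator, scopes)

    def grant(self, customer, aggregator, scopes):
        # The aggregator receives an opaque token, never the password.
        scopes = set(scopes)
        if not scopes <= READ_SCOPES:
            raise ValueError(f"unsupported scopes: {sorted(scopes - READ_SCOPES)}")
        token = secrets.token_urlsafe(32)
        self._grants[token] = (customer, aggregator, frozenset(scopes))
        return token

    def revoke(self, customer, aggregator):
        # Dashboard action: cut off one aggregator, leave the others intact.
        doomed = [t for t, (c, a, _) in self._grants.items()
                  if c == customer and a == aggregator]
        for t in doomed:
            del self._grants[t]
        return len(doomed)

    def authorize(self, token, customer, action):
        # Every API call is checked against the grant, not a login session.
        grant = self._grants.get(token)
        if grant is None:
            return False
        owner, _, scopes = grant
        return owner == customer and action in scopes

def demo():
    # Constructed scenario: one customer, two aggregators with different grants.
    idp = DelegatedAccess()
    t_a = idp.grant("alice", "aggregator-a", ["balances", "holdings"])
    t_b = idp.grant("alice", "aggregator-b", ["transactions"])
    results = {
        "a_reads_balances": idp.authorize(t_a, "alice", "balances"),
        "a_reads_transactions": idp.authorize(t_a, "alice", "transactions"),
        "a_moves_money": idp.authorize(t_a, "alice", "transfer"),
        "a_reads_other_customer": idp.authorize(t_a, "bob", "balances"),
    }
    idp.revoke("alice", "aggregator-a")
    results["a_after_revoke"] = idp.authorize(t_a, "alice", "balances")
    results["b_after_revoke"] = idp.authorize(t_b, "alice", "transactions")
    return results
```

A leaked token in this model exposes only the scopes granted to that one aggregator and stops working once the customer revokes it, whereas a leaked password carries everything the customer can do and stays valid until the password is changed.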
Expect a Rough Transition
Sometime in 2018, Fidelity will no longer allow third-party account aggregation services to log in to customer accounts using shared online credentials and ultimately “break” the aggregation functionality.
At that time, Fidelity customers will need to manually enable account access via their own Fidelity Access℠ dashboard for each of the aggregation services they wish to continue to use.
The challenge here for customer satisfaction will be the rate of adoption among the dozens, if not hundreds, of third-party personal financial management apps into the Fidelity Access℠ program. It is possible that the transition will actually limit choice among customers as to which personal financial management apps can access Fidelity account information. Today, customers can enter their login credentials into any financial management app they wish to enable aggregation of Fidelity accounts without first obtaining Fidelity’s approval.
Also, many customers maintain relationships with multiple financial institutions for a variety of reasons, so as this trend of migrating to API-based aggregation plays out, customers will be required to manage account aggregation access not only for accounts they hold with Fidelity, but also for accounts at a variety of other financial institutions where they conduct business.
The common denominator for client satisfaction here is the aggregation provider that is able to quickly adopt as many of the institution-specific APIs as possible.
After all, what good is it to permission Fidelity Access℠ to the Personal Capital dashboard when Personal Capital is not approved to connect with other financial institution aggregation APIs? The incomplete aggregation decreases the value of the consolidated dashboard in services such as Personal Capital when it is not able to aggregate all of a user’s accounts.
Tepid Adoption
One other interesting take on the Fidelity Access℠ announcement is that none of the major aggregation providers were identified as adopting the new API (eMoney Advisor is, of course, onboard, which is expected as it is a Fidelity company). Other API introductions launched with at least one major aggregator on board, such as JPMorgan Chase and Intuit’s announcement in January 2017.
Eventually, adoption of Fidelity Access℠ will be very likely among the major aggregators, but I wonder what the thought process was behind the announcement of Fidelity Access℠ without also announcing which of the larger aggregation providers have already begun to leverage the API.
We’ll have to stay tuned for more updates here as the success of Fidelity Access℠ (and satisfaction of Fidelity customers) depends heavily on how widely adopted Fidelity Access℠ is among the major aggregation providers.