Connecting to Schwa

michael's Avatar

michael

30 Oct, 2020 06:03 PM

Here's the text of the link.. Seems you need a cookie to avoid the login?

Charles Schwab Continues To Deliver on Its Commitment to Customer Data Protection
Third-party applications often use "data aggregation" services that involve the collection and use of a user's confidential financial account and personal information. These services may present a holistic view of a user's finances to assist them in making better spending decisions, or a variety of other functions related to payments and consumer loan applications. To use these services, in most cases customers must authorize a third-party data aggregator to access the customer's account and personal information.
To allow this, users may be asked to provide their account credentials (user name and password) to the data aggregator in order to enable the data aggregator to access the user's account(s) at each financial institution. The data aggregator's software logs into the financial institution's site as that user and accesses the customer's confidential information on the aggregator's platform. This method of access is often called "screen-scraping".
Frequently Asked Questions
Q: What are some risks to providing credentials for the purpose of screen scraping that users should recognize?
A: Anytime you share confidential authentication credentials with another party, even with family, the risk of accidental exposure, loss or theft increases. You want to make sure any data aggregation services you use provide strong privacy and security controls to protect your information. The user credentials you provide to a third party can be used to access your online accounts, and, in some cases, the ability to transact and transfer funds.
It is important that you understand the aggregator's services and how they intend to safeguard and use your account and personal information, including whether they share or sell your data.
Q: What is being done to address some of the risks?
A: Schwab remains committed to collaborating with the Securities Industry and Financial Markets Association (SIFMA), the financial services industry as a whole, and our service providers to improve how we protect, permission, and provide transparency over client data. Schwab played a key role in the development of the Data Aggregation Principles with SIFMA (https://www.sifma.org).
As part of this effort, Schwab has joined a growing list of Financial Institutions, including the Financial Data Exchange (FDX), who have contributed and adopted new standards of data exchange with the intent to stop the practice of "screen scraping".
Through this on-going industry collaboration, guidelines have been established that address data security, innovation, client controls, and standards for sharing financial and personal data through an application programming interface (API).
Q: What is an API and how does it impact aggregation services?
A: An API or an "Application Programming Interface" makes allowing access to data easier, is more accurate and is more secure. The use of API's are a best practice in the industry and utilize a token-based approach which enables clients to authorize third parties to download requested account information on their behalf in an encrypted form, without storing their usernames and passwords.
Q: How will the Schwab API work?
A: Through Schwab's API connection, third party data aggregators who agree to data access terms with Schwab will continue to have client-authorized access to certain client data in a protected environment. In turn, clients will have greater control over and better transparency into what data they share and with whom they share their data.
Through its API development and the migration of third-party financial technology companies to its API network, Schwab provides a more secure, client-controlled authentication process.
Here's how the API will work to protect Charles Schwab clients:
* Protection—The API issues a "virtual" token to third parties for client data to ensure client account credentials are safe. Available multi-factor authentication provides an added layer of user identification.
*
* Data Privacy—Through the Schwab API, clients can choose to grant access to specific accounts and specific third parties to ensure the right data is selected. Consent to allow access to data through explicit disclosures is logged and archived.
*
* Transparency and Control—Clients are not required to share their log-in credentials outside of Schwab. They will have higher visibility and transparency into linked accounts, including which third parties are accessing their data and the type of data through the Schwab Security Center and can easily view and change access at any time.
Q: Does Schwab charge a fee for this data service?
A: No. Schwab is not charging third party applications or third party data aggregators to use the API for access to client-authorized accounts and data
Schwab is aligned with industry standards and specifications agreed to and established by the Financial Data Exchange and its members. As such, Schwab will require agreement on Data Access terms with third party data aggregators/financial technology companies prior to access being granted.
Q: Has Schwab agreed to Data Access terms with any third parties?
A: In 2020, Schwab has communicated, via press release, the successful signing of Data Access Agreements (DAA) with 3 prominent financial technology companies: Envestnet Yodlee, Intuit, and eMoney Advisor. These three companies comprise approximately 70% of data aggregation services used by Schwab clients. Schwab has already provided testing-based access to its API to several data aggregators who have been actively engaged with us to enable adoption of our more secure access method.
We are also actively partnering with several additional leading financial technology companies who share the mutual goal of providing clients with access to their data in a more secure and transparent manner.
For more information please see Charles Schwab Reinforces Its Commitment to Customer Data Protection.

  1. 1 Posted by dwg on 30 Oct, 2020 08:07 PM

    dwg's Avatar

    That text seems to be slanted completely towards Data Aggregators i.e. organisations that capture transactions from many bans, store them on their own servers and present them to the customer from a single site. Quicken's Express Web Connect and Yodlee being examples of aggregators.

    Seems they are completely ignoring programs that connect to a server (Direct Connect) and just download the transactions directly to client software on the clients computer. In other words it completely ignores the situation where there is no third party involved whatsoever.

    By seemingly to push aggregators as the solution mechanism they are proposing a solution that has privacy issues as compare to Moneydance where the data is only on your system and the financial institution's. They even spell it out when they say you should know what the aggregator does with your data.

  2. 2 Posted by dtd on 30 Oct, 2020 11:13 PM

    dtd's Avatar

    I finds it interesting that Quicken is still considered "Intuit", when they have been separate for (at least?) two years. Sounds like denial of reality.

    Also the assumption we don't understand aggregators, nor the acknowledgement that we want our OWN data and we don't USE aggregators.

  3. 3 Posted by dwg on 30 Oct, 2020 11:56 PM

    dwg's Avatar

    The last time I did some research it looked like Intuit still owned Express Web Connect, I suspect they kept it because of Mint and that "Quicken" was provided with a license to use it as part of the sale process.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac