The problem with PFMs

(Image: "Another painful scrape")

I will state up front I am a massive fan of the online personal financial management (PFM) sites such as Mint and the now sadly defunct Wesabe. They have shown how money should be viewed and managed online and have provided a blueprint for how Internet banking should look. But these sites have a big problem. They are very difficult for the user to operate effectively, because getting your banking data out of your bank and into these services is not that straightforward.

The PFMs all offer a manual upload option, which is currently the most readily available (from banks) and safest, yet most cumbersome, way to interact with them, as you have to remember each month/week/day to upload the new set of data. These sites also offer lots of clever ways to log on to your internet banking while you are not there. This involves handing over your logon details (a classic case of the password anti-pattern) and letting the application scrape your data and return it to the service. For services where the password cannot simply be handed over, the PFM can be taught how to log on by recording scripts and then automating the process. This is not only very unsafe, not too dissimilar to handing over your cash card and PIN to a stranger, it also probably puts you in breach of your account's terms and conditions. If any losses occur because of a breach by the PFM you may be liable. This is not an ideal situation for anyone concerned.

These services also allow subscription to automatic feeds of the data, e.g. XML formatted data. This is a much better way for these sites to operate, but unfortunately banks that provide these feeds are few and far between, especially here in the UK. One of the few banks that had this functionality until recently was Nationwide. They switched off this facility recently as it was designed primarily to serve MS Money users, and as Microsoft have ceased to make that product it was deemed an unnecessary (and costly?) function to keep running. A few loyal customers of this service who were using the feed for online PFMs like Wesabe rather than MS Money were none too happy and have started a little campaign to get it reinstated. There are users who want these services now but are stuck with manual or risky solutions. If only we had standard bank data feeds or APIs to allow these automatic links to work. I for one would be willing to pay for that functionality.

So why don't banks offer this functionality? My personal opinion is that it is either the fear of security breaches, that it is not on their radar, or, if it is, that they don't want to lose control. The security aspect is probably the most common reason. What I do hope is that it is not the last reason. I am sure every bank would love to know the spending and saving details of any of their customers who have accounts at rival organisations, but they may be unwilling to share their own data. Data is very valuable, especially such private data as a person's spending habits and bank product holdings. But the world is changing and customers want more from their online banking, which is why sites like Mint are successful. Would these services become too powerful if all the banks implemented a standard open data feed, letting customers use 3rd party services while the banks updated their own online banking sites to match the functionality already on offer elsewhere? Would customers ever come back?

A recent survey by Fiserv showed that in the US, customers preferred the safety of PFM tools provided by their banks rather than handing over logon details to third parties. If safer ways of data sharing existed, would this still be the case? Or would people still prefer to do their money management with their bank? I would certainly feel safer using a bank's platform, and I am pretty sure opening up data feeds would not see a mass exodus of customers away from their banks' online banking services.

How might this mythical data feed look? What if all the banks, card companies and PFMs agreed on a standard feed format (hopefully compatible with existing ones such as OFX) and on technologies to allow secure access to financial data without falling into the password anti-pattern? For example, why not use the widely accepted and used open standard OAuth?
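To make the difference concrete, here is an added toy model (not code from the original post, not a real bank API and not an OAuth library) of the two access models described above: a PFM that stores the customer's logon and gets a full internet-banking session, versus a bank that issues the PFM a scoped, revocable bearer token in the style of OAuth. The customer name, password, transactions and the client name `pfm.example` are all constructed sample values.

```python
"""Toy comparison of the password anti-pattern (a PFM holding the full logon)
with delegated, scoped, revocable access in the style of OAuth.
Constructed example: no real bank, PFM or OAuth library is involved."""
import secrets
from dataclasses import dataclass, field

# Constructed sample account data.
SAMPLE_TRANSACTIONS = [
    {"date": "2011-03-01", "payee": "Groceries", "amount": -42.10},
    {"date": "2011-03-02", "payee": "Salary", "amount": 1500.00},
]


@dataclass
class Bank:
    accounts: dict = field(default_factory=lambda: {
        "alice": {"password": "correct horse",
                  "transactions": list(SAMPLE_TRANSACTIONS)}
    })
    # token -> {"user", "client", "scopes", "revoked"}
    tokens: dict = field(default_factory=dict)

    # --- model 1: ordinary internet-banking logon, as a scraper would use it ---
    def login(self, user, password):
        """A successful logon yields a session that can do anything the customer can."""
        acct = self.accounts.get(user)
        if acct is None or acct["password"] != password:
            raise PermissionError("bad credentials")
        return {"user": user, "scopes": {"read:transactions", "transfer"}}

    # --- model 2: delegated access; the customer authorises a client at the bank ---
    def authorise(self, user, password, client, scopes):
        """The customer proves identity to the bank (never to the PFM) and grants
        the named client only the requested scopes; a random bearer token comes back."""
        self.login(user, password)  # same credential check, but done at the bank
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": user, "client": client,
                              "scopes": set(scopes), "revoked": False}
        return token

    def revoke(self, token):
        """Customer (or bank) withdraws one client's access without a password change."""
        self.tokens[token]["revoked"] = True

    def call(self, session_or_token, action):
        """Bank API: every action is checked against the caller's granted scopes."""
        if isinstance(session_or_token, str):
            grant = self.tokens.get(session_or_token)
            if grant is None or grant["revoked"]:
                raise PermissionError("token invalid or revoked")
        else:
            grant = session_or_token
        if action not in grant["scopes"]:
            raise PermissionError(f"scope {action!r} not granted")
        if action == "read:transactions":
            return list(self.accounts[grant["user"]]["transactions"])
        if action == "transfer":
            return "money moved"  # stand-in for a real transfer
        raise ValueError(action)


def capabilities(bank, credential):
    """The set of actions the bank would accept from a PFM holding this credential."""
    allowed = set()
    for action in ("read:transactions", "transfer"):
        try:
            bank.call(credential, action)
            allowed.add(action)
        except PermissionError:
            pass
    return allowed


def demo():
    bank = Bank()
    # Password anti-pattern: the PFM stores the logon and receives a full session.
    scraped_session = bank.login("alice", "correct horse")
    scraper_can = capabilities(bank, scraped_session)

    # Delegated access: the PFM receives only a read-only token.
    token = bank.authorise("alice", "correct horse",
                           client="pfm.example", scopes=["read:transactions"])
    pfm_can = capabilities(bank, token)

    # The customer can cut off that one client without changing the password.
    bank.revoke(token)
    after_revoke = capabilities(bank, token)
    return scraper_can, pfm_can, after_revoke


if __name__ == "__main__":
    print(demo())
```

The point the toy makes is the one the post argues: a scraped session carries every capability the customer has, including moving money, whereas the token model lets the bank enforce a read-only scope and lets the customer revoke a single client's access while leaving the password untouched.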

I can imagine how beneficial this would be to people, but I can also see the benefits for the organisations themselves: the ones that allow their customers the most flexibility will earn their loyalty. The flexibility of having access to this data would also benefit internal developments. For customers, it would allow them to see a real picture of their entire wealth (or in my case lack of it) and to manage things better because they would have the complete picture, assuming all their financial products were lucky enough to have this data feed.

So how do we reach this dreamland where all financial organisations have a universally agreed data format and method of sharing it with 3rd parties? Who will drive this change? Customers demanding it? Banks joining together to work in an open, collaborative way to benefit them all? PFMs coming up with an elegant solution they all agree on and that partner banks can sign up to? Will the sledgehammer of regulation be needed? Or will an innovative new player such as BankSimple change the game with their API, making everyone else want to follow? I really don't know. What I do know is that I want this sooner rather than later, so if anyone can make it happen, please do.
