A lot has changed in fintech since the 1990s, but data security for finance and banking customers has always been important. So why has a method that asks customers to give away their login details to third party companies been around so long? Our explainer fills you in on why screen scraping is on its way out, and API platforms are rapidly taking their place.
What is screen scraping?
Screen scraping is a method that allows third party companies (their developers) to access webpage data that users would normally have to log in to acquire. Apps for payments, budgeting, investment and loan management show you your financial and other information outside your banking website using their own unique UI (User Interface). They often consolidate data from multiple sources and give you the ability to see, compare, track and use information in all kinds of valuable ways. In the early days of fintech, before there was much opportunity for API connectivity, screen scraping was the main way banking app developers gathered this information.
How does screen scraping work?
With screen scraping, companies are essentially logging onto digital portals on behalf of customers. When a customer starts using a third party app, they’re shown a mirrored login page, which looks and feels similar to their financial institution’s website. Customers are then asked to share their login information, including passwords and other security details, so the third party company can log in as the customer. Once logged in, the third party company uses screen scraping tools to programmatically carry data over to an external database. Any information you would normally see when you’re logged in is “scraped” off the screen for future use by the developer outside the original bank webpage.
What’s wrong with screen scraping?
What’s the first thing that’s drilled into you when creating accounts for websites? Don’t share your password! That goes double for banking sites. With screen scraping, customers have no choice but to break this cardinal rule, providing sensitive authentication data to third parties for storage elsewhere, making it vulnerable to loss and misuse. That’s not only a security risk for the customer, it’s a big risk to financial institutions.
The challenges don’t stop there. Third party developers using this method need to log in frequently in order to provide customers with up-to-date information. However, because it’s an automated process, they “scrape” much more information than they need, slowing down an already time-consuming process. What’s more, financial institutions are constantly tweaking their webpages, or purposely changing them to prevent screen scraping. That costs banking organizations time and money that could better be spent on other services. That resource spend costs third party companies, too. If they don’t recognize and adapt to those changes in time, they could miss important information, with negative impacts for end users.
In the beginning, screen scraping was a clever hack that let a relatively small number of third party developers access banking information for interested customers in apps they found useful. It wasn’t a big threat to the financial industry. However, with the massive growth in fintech, an “us” versus “them” situation has evolved. The financial institutions may “win” with their prevention methods but, in the end, it’s the customer who loses. The app they loved so much fails and they wonder who’s really in charge of their personal data.
Why APIs are replacing screen scraping
Customers and developers alike can soon breathe a sigh of relief because a movement is underway to make things far smoother between fintech developers and legacy financial institutions. Instead of screen scraping, app developers are creating or using third party API (Application Programming Interface) platforms that work directly with partner organizations to access customer account data more securely and with greater accuracy and speed.
Instead of giving login credentials directly to third parties, for instance, API platforms let users grant permission to share their data with third parties – and that permission can be revoked whenever necessary. For fintech startups, instead of scraping unnecessary information and playing catch-up with banking webpages, they can use API platforms to access the precise data they need, instantaneously. API platforms perform with greater efficiency and place a far lower burden on their own web infrastructure.
Third party API platforms are the stabilizing ground between fintech companies and partners and operate in line with regulatory norms. Instead of engaging in constant competition that leaves customers by the wayside, they cooperate to create a managed ecosystem that captures value from both sides.
Best of all? Increased integration through API platforms in finance means a more secure, more collaborative relationship that empowers companies to identify exciting new business models and opportunities, deliver greater value and an even better customer experience.