JPMorgan Chase said fintechs have until July 30 to sign new data access agreements with the bank and agree to a plan to stop using customer passwords to gather data, sources told Reuters.
Companies that don’t agree to a "concrete plan" to transition to a new method of collecting customer data by the July deadline will be barred from accessing customer data, according to an email the bank sent fintechs in late January, sources said.
A bank spokesperson confirmed the contents of the letter and said JPMorgan has already signed agreements with more than 95% of companies that request data access.
JPMorgan Chase’s deadline shows it is following through with its plan to tighten security around customer data.
The country’s largest bank announced in early January it planned to ban third-party apps from accessing customer passwords and issue tokens for access to a limited amount of data in a secure form.
Fintechs such as Venmo and Betterment often use data aggregators like Yodlee or Plaid to connect to a customer’s bank account.
"We’ve been working on this with aggregators and fintechs since 2016 because our secure [application programming interface] is the best way to help our customers make smart money decisions more easily and safely," Paul LaRusso, managing director of digital platforms at JPMorgan Chase, told Reuters.
JPMorgan has cited security as its reason to eradicate password-based access by third-party apps. CEO Jamie Dimon has warned about the risks of data sharing for years.
"Many third parties sell or trade information in a way customers may not understand, and the third parties, quite often, are doing it for their own economic benefit — not for the customer's," he wrote in a 2016 letter to shareholders. "Often, this is being done on a daily basis for years after the customer signed up for the services, which they may no longer be using."
A recent security upgrade at Pittsburgh-based PNC Financial Services Group kept data aggregators from gaining access to customers' account numbers and routing numbers last fall, and experts said banks are expected to continue revamping their security around third-party data access throughout 2020.
"Banks will push to maintain status as the primary source of value with customer relationships," John Mitchell, CEO of financial technology provider Episode Six, told Banking Dive last month.
Banks stand to lose their legacy relationships with customers if a third-party provider is compromised, Mitchell said.
"Overall, as bank tech catches up to fintechs and as they continue to focus on building innovative solutions for their customers, these decisions may become more common," he said.