JPMorgan to ban third-party fintech platforms from accessing customer passwords

JPMorgan Chase is to enforce stricter security measures, banning third-party fintech apps from accessing customer passwords.

The existing method of data sharing provides -- with permission -- numerous apps with access to customers' bank accounts, but concerns have been voiced about the possible dangers. No timetable has been set out, but the American finance giant intends to use a token-based system that will provide third parties with access to "a narrow range of data in a secure form".

The move comes three years after chief executive Jamie Dimon issued a warning about the system that is currently being used and the fact that many people do not realize the level of access they give when signing up to privacy agreements.

In a shareholder letter back in 2016 he wrote: "Many third parties sell or trade information in a way customers may not understand, and the third parties, quite often, are doing it for their own economic benefit -- not for the customer's".

Speaking to the Financial Times, Chase's head of digital, Bill Wallace, said that the organization was now looking to not only issue tokens for access to a limited amount of data, but also to get customers' passwords "out of the system". The system is already used by aggregator Yodlee in all of its interactions with Chase, and Wallace expresses his belief that the switch to tokens should neither deter customers from trying new platforms, nor prevent apps from providing services to them.

Image credit: Robson90 / Shutterstock