You know how vital it is to have easy access to your financial data in order to run your financial life. So important, that Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act requires banks and brokers to provide their customers with electronic access to their own financial data.

J.P. Morgan, Wells Fargo and other big banks and brokers have proposed a plan that would have the effect of restricting their customers’ data access. In his annual letter to shareholders, J.P. Morgan CEO Jamie Dimon emphasized how concerned he is about protecting the security of his customers:

“One item that I think warrants special attention is when our customers want to allow outside parties to have access to their bank accounts and their bank account information. Our customers have done this with payment companies, aggregators, financial planners and others. We want to be helpful, but we have a responsibility to each of our customers, and we are extremely concerned... We are now actively working with all third parties who are willing to work with us to set up data sharing the right way.”

Contrary to Mr. Dimon’s intention, this “right way” would actually decrease customer access to their data and weaken the cybersecurity protecting the money in customer accounts at his bank. The existing ecosystem of data aggregation operates at huge scale with high security connecting 14,000 financial institutions with tens of millions of consumers. It isn’t broken. Let’s be careful not to break it.

The banks propose to use a cybersecurity protocol called OAuth, a recognized framework that would be a good choice to solve a different problem. OAuth requires a central “Identity Provider.” Some banks want to be that Identity Provider, in order to shift control of the data from the consumer to the bank, and to decide who gets what information when. In his shareholder letter, Mr. Dimon stated why he wants to determine who gets access to which data: “Far more information is taken than needs in order to do its job.” Personal Capital believes each customer should have the right to determine which data they want.

“Malware and phishing are constant security hazards for consumers. The most vulnerable moment for a hacker to steal your password is when you type it into your own browser,” said our Chief Technology Officer, Fritz Robbins. “Minimizing the number of times that bank passwords are entered on your browser helps keep online banking safe. When you use a data aggregation service like Personal Capital, you enter your bank password once and only once. Never again do you need to enter your bank password to see your bank data.”

The current ecosystem of data aggregation uses a combination of four methods to securely collect the data: Secure Channel, OFX, Server-Side Scraping and Client-Side Scraping. “Using any of these methods, you enter your bank password only once,” said Robbins. “Using OAuth, you’d have to enter your bank password any time the bank chose to expire your OAuth token – potentially daily. And you’d typically have to type it into a pop-up browser window similar to that used in phishing attacks.”

Widespread use of OAuth would weaken the cybersecurity protecting consumer bank accounts. OAuth is less secure than the current methods of data aggregation. Surprising as it may be, the least secure way to look at your bank data is to log into your bank website.

The following diagram is from Personal Capital’s response to the Consumer Financial Protection Board (CFPB) Request for Information Regarding Consumer Access to Financial Records. See the full report at personalcapital.com/rights – it’s a bit of a snoozer, but not bad if you’re trying to nod off.

Not only is data aggregation a more secure way to look at your bank data, it’s also the best available means to protect your accounts against fraud of all types. We recommend everyone monitor their accounts twice a week. With an aggregation service, you can see all transactions in all accounts at all banks and brokers in 30 seconds.

I’m a bit of an expert on cybersecurity. I founded three different cybersecurity companies – one of which built the online authentication system used by the majority of the bank websites in the U.S. – and served on the board of directors of RSA Security, the largest cybersecurity company in the world.

And I’ve previously commented on the banks’ campaign to require OAuth before granting customer access to their own data. Over one thousand Personal Capital customers have expressed their opinions by email, post or video, too.