Pressure is mounting for PNC Bank after it locked out clients from using bill-splitting app Venmo, but the affair also highlights a the question of whether open banking should be introduced in the US.
The problems are caused by a security update that locked out the data aggregator Plaid, which Venmo and other apps use to access bank data.
For instance, share-trading apps Robinhood and Acorns use Plaid to connect to cryptocurrency exchanges Coinbase and Gemini.
The consequence of Plaid being unable to access the information about PNC Bank customers is that people cannot use the app, at least not with their PNC Bank accounts.
And people are getting angry about it, with many of them taking to Twitter to vent their frustration.
In response, the Pennsylvania bank and the PayPal owned payment app have decided to simply blame each other for the service outage.
PNC Bank stated the reason Plaid was denied access came down to security and the bank’s desire to protect its customers from fraud.
“PNC supports our customers’ use of such apps, balanced with our steadfast commitment to protecting them from fraud,” a PNC spokesperson said in a statement seen by CNBC. “That commitment has never been more important as the financial services industry has seen an uptick in fraud that appears related to data aggregators and data aggregator supported apps.”
Instead, the bank suggested that customers should switch to Zelle, a Venmo competitor owned by major Wall Street banks.
Venmo struck back, telling users on Twitter to tell PNC Bank to “let me use the financial service apps I need!”
John Pitts, head of policy and advocacy at Plaid, told CNBC that other banks have no problem working with the app and hope that PNC Bank would like to talk with Plaid to restore the access to its customers.
The conflict also highlights a key regulatory issue.
Third party providers like Plaid are basically essential to connect apps to bank accounts. However, it is understandable why banks would be reluctant to share the data with outsiders.
This issue has been hashed out in the EU with the resulting open banking rules outlined in the revised Payment Service Directive (PSD2), which forces incumbent banks to open up their data to third party providers.
PSD2 came into full effect on September 14, 2019. While some financial services providers had some concerns about the readiness of the sector, banks and regulators eventually seemed positive about it.
Understandably, the law has given FinTech non-banking startups a leg up to create new products of data about how customers spend their money.
Karen Mills, a senior fellow at Harvard Business School, told CNBC that a similar solution to PSD2 is needed in the US.
“Open banking will drive more innovation that is good for customers and the financial system – and provide a secure an regulated environment,” she said. “This direction is urgently needed.”
More recently, PSD2 has mostly been in the headlines due to the introduction of the new strong customer authentication rules (SCA), which would require banks, FinTech firms and everyone else who accept online payments to introduce a two-stage identity verification process for their customers.
SCA was supposed to be introduced in September, but the European Banking Authority gave national regulators the power to postpone the implementation date.
Copyright © 2018 RegTech Analyst