Online personal financial management start-up 22seven on Wednesday accused Absa of blocking its US technology partner Yodlee from accessing users’ internet bank accounts.
Absa confirmed it had blocked the service and on Wednesday defended its decision in an interview with TechCentral.
22seven has provoked an outcry from local banks which have warned users not to share their banking credentials with third parties.
The start-up, headed by Christo Davel, the former head of now defunct online bank 20twenty, requires users to provide their internet banking login details so it can provide them with a detailed and graphics-rich overview of their income and expenditure and help them prioritise their personal spending.
Christo Vrey, head of digital banking services at Absa, says the bank has begun blocking the service, preventing Yodlee from accessing users’ bank accounts. Vrey says it’s doing this to protect Absa clients and reiterates that if its customers provide their login credentials to a third party, they are violating the terms and conditions of service of Absa’s online banking site.
He says Absa recognises that there are “benefits to personal financial management tools” and is also not opposed to the idea of publishing a secure and open application programming interface (API) that would allow third parties to access its customers’ statements. But, he says, this would “normally require a conversation and a whole series of arrangements and context around that”.
“By automatic action, we can’t say here’s an API. The data privacy and data integrity of my clients remains paramount. I cannot just open this to anybody out there without a conversation and context around that.”
Davel, on the other hand, says again that there’s no reason consumers who provide their login details to 22seven partner Yodlee should worry about fraud. He says the service offered by Yodlee is secure and the US company has never experienced a breach in its systems. At no point in the process are users’ bank login credentials stored by 22seven.
“We will not be intimidated,” Davel tells TechCentral, adding that 22seven has an “established, credible team of people with blue-chip investors”. He says he is troubled that the banks are not, in his view, differentiating between criminals who engage in phishing scams and reputable companies like 22seven and Yodlee that have a valid interest in accessing the data to help consumers save money.
Davel says he is aware of the risks around banks potentially not refunding customers for fraud on their accounts if they are compromised in any way if they share their login details with third parties, but he accuses the institutions of engaging in “old-school FUD tactics”. FUD is a propaganda term, meaning casting “fear, uncertainty and doubt”, often in the minds of technology users.
“We were fully aware of the risks and that we’d be the first guys to do it in SA,” he says. “You have to earn the trust of consumers. We have a team of industry veterans who have done this. We have built a trusted brand from scratch. You get there by being completely honest.”
In a statement last week, Absa warned its customers that if they provided 22seven with access to their internet banking credentials, it might not cover them in the case of fraud, even if that fraud is unrelated to 22seven.
In the statement, Absa’s Vrey warned that disclosing sensitive information would render the bank’s customers “completely liable for any losses” that occur due to “phishing” or other online fraud. This was in line with Absa’s online banking terms and conditions.
But in an email to Absa customers that use the 22seven service, the start-up says that although data aggregation is new to South Africa, it is used by millions of people around the world and has been for years. It says Yodlee has “an impeccable track record” and gathers data from Bank of America, Citibank and other large institutions.
22seven says it did not encounter problems with Absa accounts during its closed testing phase that preceded its public launch last week and will attempt to resolve the problem with Absa as swiftly as possible. — TechCentral