How Envestnet | Yodlee Secures the Financial Ecosystem
When it comes to financial services and innovation, security is paramount. That’s why Envestnet® | Yodlee® considers the impact to every key stakeholder to ensure that every product on our platform meets the most stringent security and compliance requirements.
Envestnet | Yodlee drives financial innovation in a collaborative ecosystem – securely bridging the needs of consumers, financial institutions, and entrepreneurs. Toward that goal, we’ve been active on a few key fronts:
1. Partnering with Top Financial Institutions to Access Direct Data Feeds
Our team at Envestnet | Yodlee is working with financial institutions to formalize standards for data exchange via structured feeds as an alternative to screen scraping. While responsible screen scraping will likely be necessary for the foreseeable future to insure consumer access and inclusion, direct feeds via APIs provide financial institutions (FIs) with improved performance and reduced operational risks. Key industry initiatives in this area include the OFX Consortium, FS-ISAC’s Durable Data API specification and the UK Open Banking Standard.
Today, the Envestnet | Yodlee Financial Data Platform gathers approximately 70% of its data through direct data feeds which includes leading financial institutions. What this means is that, with consumer permission, we can directly access their financial data to provide greater actionable insight into their financial health. This integration greatly improves security and performance, enabling personalized and intuitive digital banking experiences. We’re working to extend these benefits to all consumers worldwide.
2. Providing Technical Thought Leadership on Authentication Protocols
Envestnet | Yodlee is also providing technical leadership in the development of alternative authentication mechanisms for consumer-permissioned aggregation. This includes updating our applications to support read-only credentials and token-based entitlement using OAuth as well as other emerging authentication and authorization protocols to keep pace with industry, regulations and technology.
3. Supporting Consumer Data Privacy and Security Standards
Envestnet | Yodlee is engaged with prudential and consumer protection regulators, industry groups and consumer advocates to develop and promulgate standards for consumer-permissioned aggregation and responsible innovation in fintech.
We already employ sophisticated security safeguards, including hardware-based data encryption to ensure that the data we aggregate is secure. Equally important, we apply strict privacy standards to ensure that our transaction data is collected and handled per consumers’ explicit permission, is safeguarded to their expectations, and is de-identified when it is used to derive analytics and reports. We believe that our approach can serve as a model for industry standards and guidelines.
As a result of our mature position in the financial ecosystem and of our layered approach to security, privacy protection and compliance, our banking and fintech partners benefit from reduced risk to their products, applications and their customers. This is especially important for an industry as disruptive – and as sensitive – as fintech.
Our harmonized security, privacy and compliance strategy strikes the right chord for fintech innovators and financial institutions because we encourage them to consider security along with feature and functionality when evaluating threats and business requirements. This provides consumers with valuable applications and services that help them manage their finances while ensuring their information stays secure and private.
To enable online and mobile banking services powered by aggregation technologies yet also protect consumers from data loss while adhering to regulatory and legal requirements, download this whitepaper on aggregation platforms and security.