At Fidelity, everything we do is with our customers’ financial well-being in mind—that includes ensuring the privacy and security of our customers’ data. Fidelity continuously works with security experts and policymakers to find ways to make customer-directed data sharing more secure.
At Fidelity, we support our customers using third-party tools that facilitate beneficial services like peer-to-peer payments or personal finance management. But, when customers share their Fidelity account data with these third parties, we want to ensure they are doing so in a secure way.
That is why Fidelity continues to take steps to address unsafe practices, like screen scraping, a data collection method used by some third-party websites, applications (“apps”), and data aggregators. When data aggregators screen scrape, they ask customers to share their private login credentials (e.g., username and password) so that the aggregators can access the customers’ financial accounts and collect, or “scrape,” information from the institution’s website, oftentimes more information than is necessary to provide the beneficial service the customer wants. The aggregators then pass that data to the third-party app that is their end client or retain the data for their own use. For these reasons, screen scraping and credential sharing present significant security risks for our customers.
To enhance the protection of our customers’ account data, Fidelity has implemented a secure connection to allow access to our customers’ Fidelity accounts by the third parties that our customers have authorized. Fidelity is now requiring all third-party websites, apps, and data aggregators to transition to this secure, integrated connection, or standardized application programming interfaces (APIs), to access our customers’ Fidelity account data. Fidelity has been working with many of the industry’s data aggregators on smooth transitions to this integrated connection for years. Starting on October 1, Fidelity will begin prohibiting third parties that are not making this transition from accessing our customer data through the unsafe practice of screen scraping.
Fidelity has long been advocating for continued improvements in customer-directed data sharing. Three data sharing principles guide us. We believe in:
- Putting customers in control of sharing their financial data. Customers should be able to grant, manage, or revoke access to their financial data as they see fit. To do this, we believe customers should have transparency into how their data is being shared and by whom.
- Using customer-authorized third-party websites and apps. We support the use of authorized third-party tools and believe in the power of data sharing, if directed by our customers, to drive efficiencies and choice for financial customers.
- Helping customers share their financial data safely and securely. This includes moving away from unsafe practices, like screen scraping, and adopting more secure practices, such as restricting data sharing to only what is necessary for the service that is being provided.
For years, Fidelity has invested in our data infrastructure, including enhancements in our security protocols to help protect customers’ financial data. Fidelity’s adoption of API connections is fueled by our charge to find ways to make customer-directed data sharing more secure. We believe these changes are important for the industry to address unsafe practices like screen scraping.
###
Fidelity Brokerage Services LLC, Member NYSE, SIPC, 900 Salem Street, Smithfield, RI 02917
Fidelity Distributors Company, Inc, 900 Salem St., Smithfield, RI 02917
National Financial Services LLC, Member NYSE, SIPC, 200 Seaport Boulevard, Boston, MA 02110
1106614.1.0
© 2023 FM LLC. All rights reserved