On January 13, Visa announced via a press release that it would acquire Plaid, which the company described as “a network that makes it easy for people to securely connect their financial accounts to the apps they use to manage their financial lives.”
Visa agreed to pay $5.3 billion for the fintech firm.
As you might imagine, many in the financial services industry were excited by this news. Venture capitalists had another reason to invest in fintech; Visa would have a way to directly access consumers’ bank information; and Plaid’s founders realized their exit strategy, entering the world of the uber rich in the process.
But what’s really going on here?
Kudos to the team at Plaid for getting the attention of such a major player and getting acquired, but with annual revenues of just over $100 million, why would VISA pay a 53x multiple for them? There’s something more at stake here.
The battle for the consumer’s data
In November 2016, then CFPB Director Richard Cordray made a request for information regarding consumer access to financial records (Docket No.: CFPB-2016-0048). The Bureau said it was seeking comments from the public about entities accessing their financial information with their permission in connection with products or services that use that information. Read fintech apps.
The CFPB opened the investigation to “better understand the consumer benefits and risks associated with market developments that rely on access to consumer financial account and account-related information.”
But some had already decided that the risks were far too serious to ignore. In JPMorgan Chase’s letter to shareholders included with its 2015 Annual Report, Chairman and CEO Jamie Dimon warned: “One item that I think warrants special attention is when our customers want to allow outside parties to have access to their bank accounts and their bank account information. Our customers have done this with payment companies, aggregators, financial planners and others. We want to be helpful, but we have a responsibility to each of our customers, and we are extremely concerned.”
This is exactly what Plaid’s technology allows consumers to do. Banks call this screen scraping and have serious concerns. Dimon summarized them for his shareholders as:
- Third parties are taking far more information than they need to do their jobs.
- Many sell or trade this information in ways consumers don’t understand.
- Often this data is being taken even after the consumer stops using the app.
To top it off, Dimon points out that, “When we all readily click ‘I agree’ online or on our mobile devices, allowing third party access to our bank accounts and financial information, it is fairly clear that most of us have no idea what we are agreeing to or how that information might be used by a third party.”
Dimon’s answer to this problem was simple: give the banks control over the consumer data they will share.
“In the future, instead of giving a third party unlimited access to information in any bank account, we hope to build systems that allow us to ‘push’ information – and only that information agreed to by the customer – to that third party,” he said.
Battle lines drawn
On the surface, it seems that Plaid (and its new owner Visa) is situated directly across the battlefield from JPMorgan Chase and the other big banks. But that could be an erroneous conclusion. Visa’s press release announcing the planned acquisition of Plaid included a quote from Gordon Smith, co-president, JPMorgan Chase and CEO of Consumer and Community Banking.
“We believe Visa’s acquisition of Plaid is an important development in giving consumers more security and control over how their financial data is used,” Smith said. “Protecting customer data and helping them share that information safely has long been a top priority for Chase. We look forward to partnering with Visa to continue building a great experience for our shared customers.”
Does this mean the bank plans to work with Visa or that it believes it has the leverage to drive the payments player to a process it finds less risky?
In our long experience guiding financial institutions through the process of creating mission critical software, we see a number of possible outcomes, none of which involves third party fintech firms having unfettered access to consumer financial data stored at a bank (even if they have the consumer’s permission to access it). Banks will continue on their journey of building out APIs and authentication to better manage where their customer data is being shared. This includes account and routing numbers that allow money movement. Today, most bank APIs in the U.S. do not include the customer’s actual account number which precludes a fintech from moving money. This battleground will surely heat up and Visa\Plaid will be front and center in the discussions and outcomes.