Our integrations with data aggregators further improve your institution’s ability to serve as the hub of end users’ financial activity in a safe and secure manner. End users securely and reliably connect their accounts to popular fintech apps by authorizing each specific app, so the data aggregator can use the Banno API to securely pull the related data. In other words, this helps your end users say goodbye to screen scraping—yay! As part of these integrations, you’ll see a new user and added external applications in Banno People. What you see configured for each data aggregator depends on how many external applications the aggregator registers:
- A single, overall external application (e.g. Plaid)
- An external application for every partner app (e.g. Finicity, Akoya, and Yodely)
Where we are headed
As the Jack Henry Banno Digital Banking Platform transitions from screen scraping to secure, API-based financial data exchange, all inbound screen scraping will cease by the end of 2023. Inbound screen scraping on the Banno Digital Banking Platform will be replaced with API connections to the five major data exchange platforms, including Finicity, Akoya, Plaid, Envestnet, Yodlee, and Intuit.
Replacing inbound screen scraping for more than 700 banks and credit unions on Jack Henry’s Banno Digital Banking Platform inaugurates a new and more secure era of financial data exchange.
Where we were before
Screen scraping, while a common practice throughout the industry, presents multiple challenges in both security and customer experience. Screen scraping is an automated process that uses bots, web crawlers, and other proprietary tools to log into websites on behalf of end users using their passwords and credentials. In addition to being a slow and unreliable means of data extraction, screen scraping makes it difficult for financial institutions to distinguish legitimate login attempts from fraudulent ones, leaving systems vulnerable to credential-stuffing attacks and other cyber threats that continue to plague the industry at large.
Why the change
With API connections, end users have more control of their financial data and financial institutions are protected from a wide range of fraud and security risks that arise from passwords shared with third parties. Unlike the indiscriminate data extraction performed by screen scraping, open-API aggregation allows end users to specify, minimize, and fully control their data and how it’s shared with third-party providers—including the ability to grant or revoke data permissions within their bank or credit union’s digital banking experience.
Changes on Banno Admin
As we establish the tightly restricted access that a data aggregator needs to register their external applications, you may notice changes in Banno People and Banno Users & Groups.
- Banno People
- External applications
- Aggregator name
- App name
Each data aggregator has their own section that lists their registered, individual external applications. You’ll see this apps list grow as the data aggregator registers each app.
- Banno Users & Groups
Each data aggregator has a single, user created. This user has has very minimal permissions—their rights are restricted to viewing groups and registering their apps only.
- Banno Users & Groups
The data aggregator’s user is added to its own new user group with access rights that are restricted to registration of their partner apps.
- Banno Users & Groups
- External apps
Each data aggregator has a new external app added. It’s only accessible by the data aggregator’s user group and its lone user.
Implementation and support
These integrations offer your institution zero-lift and zero-cost access to these networks, so there’s no support ticket needed. Once a data aggregator registers all of their external applications and the integration is fully ready, we enable it for all institutions. Interested end users will then authorize each specific app they want to use, so the data aggregator can use the Banno API to securely pull the related data.
We coordinate with these partners to enable stability of the API connection; however, we cannot provide support for specific external applications or end user issues. You’ll need to contact the specific data aggregator directly.
|Data aggregator||Support email|
|Finicity||OB.Institutions@mastercard.com & Institutions@finicity.com|
View and manage third-party apps
- Connected apps
When an end user gives a third-party app permission to access their account data, a list of the end user’s Connected apps displays in their security settings. An end user can manage their connections to third-party apps and view details when they click on a specific app.
- Last used
- The most recent date the connected app accessed data for the end user.
- Grant access date
- The date the end user gave permission to third-party app, allowing the app access to their account data.
- Information that the end user consents to giving the app access to. Permissions vary from app to app and can include access to basic account info, account details and balances, transaction details, and more.
- Revoke access
- When an end user removes an app’s access to their account, the app can no longer pull new data from the account, and it’s removed from the list of Connected apps.
- What is the difference between data aggregators that register a single external application and multiple ones in Banno People?
- Some data aggregators, such as Plaid, opt to register a single external application in Banno People. If end users use that application, they’ll give a one-time consent to let the aggregator pull their data from our API platform.
Other data aggregators opt to register each of their partner fintech apps as individual external applications in Banno People. This approach requires an end user to consent to each specific app before the data aggregator pulls the end user’s data via our API platform.
- What happens after an end user consents to a third-party app?
- When they use a third-party app, they’ll use their Banno credentials to login. In Banno Apps, the third-party app displays as a connected app in their security settings where they can view and manage all apps they consented to.
- What should I do if an end user wants to add an account using Finicity but their institution doesn’t appear in the list?
- We can request new institutions to add to Finicity. Reach out to your support representative if an unlisted institution is needed.
- What is the difference between having Finicity as a data integration partner (and utilizing external applications) and using Finicity as part of the Geezeo Personal Financial Management (PFM) experience?
- Our data integration partnership with Finicity allows them to securely pull end user information from Banno Apps to display in a third-party application. The Geezeo PFM experience allows Finicity to securely pull an end user’s account information from third-party institutions to display in Banno Apps.