The app was quickly becoming a cult favorite among penny-pinching U.S. consumers – and also a bane for their banks.
In just over a year, Paul Kesserwani’s startup Cushion has helped users win refunds on almost $1 million in fees by logging into their accounts and disputing charges with an artificial-intelligence chatbot, named Fee Fighter. The app features a cartoon robot wearing a black belt, assuring users “You relax, while I work.” It also lobbies to lower interest-rate charges on credit cards.
So Kesserwani was wary when one of the largest U.S. lenders called late last year, seeking a list of his IP addresses. The bank said it wanted to ensure Cushion’s computers wouldn’t be flagged as suspicious. Weeks after he handed over some of the information, it called again, warning it might block Cushion’s servers from accessing customer data. But Kesserwani wasn’t willing to quit.
“A bank with millions of customers can’t police the internet,” he said. “Companies with sophisticated tech like ours will have no problem bypassing any blocking attempts.” He spoke on the condition the bank not be named, because of concern it may exacerbate the situation.
Long-simmering tensions between the financial industry and Silicon Valley startups are erupting behind-the-scenes into a battle over the reams of valuable data held inside Americans’ bank accounts. In recent months, major banks including JPMorgan Chase & Co. and Capital One Financial Corp. have led the industry into a fresh campaign to control how outsiders tap into sensitive customer information. The lenders say their highest priority is protecting consumers.
Yet, executives at a number of Silicon Valley ventures say they’ve been threatened by banks with being blacklisted if they don’t agree to strict new terms. They claim consumers are being constrained in using their own data to better manage their money.
“Giving consumers the ability to safely permission their data so they can use these services isn't just a nice to have, it's an imperative,” said Sima Gandhi, head of business development and strategy at Plaid Technologies Inc., which gathers data from banks on behalf of apps.
The fight has implications for thousands of so-called fintech startups aiming to disrupt parts of the traditional financial world. The competition is fierce. There are almost 2,300 fintech apps in the U.S., offering help with budgeting, investing and payments, according to market research firm Venture Scanner. Many rely on access to users’ bank records. Getting locked out can kill their business.
Financial firms have long warned that not all apps are trustworthy: They may collect more data than they need, store it insecurely or sell it to third parties. Even worse, banks fret about what would happen if an app were hacked, exposing account numbers and passwords and opening the way for looting. Banks argue apps would be liable, but they may not have the cash to make victims whole.
The solution proposed by a growing number of banks is a special gateway – known as an API – that restricts how much and how often apps can tap information, while also setting contractual limits on what they can do with it later.