The most secure scenario would be for an account holder to be the only one who can access their account. That said, users are connecting their financial accounts with or without our integration to these data aggregators. The security benefit of this integration lies in something called an API token—the most secure way to provide authentication credentials on the internet today—where users’ credentials are stored within a “token” that does not expose their details.
We use an open security standard called OAuth 2.0 and OpenID Connect—meaning any other platform that supports this standard can easily and securely integrate with our platform. If one of these services does not support this standard on their own, our integration with them creates a secure bridge between our own security protocols and theirs, providing an additional layer of security that’s up to our standards.
Increased visibility is another security benefit of these strategic integrations. Logins through a data aggregation service will display in Banno Activity and you’ll know that it’s the service—not the user—who is logging in. And for your account holders, this integration also allows users to manage which apps they’ve shared their financial data with directly in Banno Online.