With data sharing between banks, financial institutions, and third-party applications on the rise, enabling technologies supporting the underlying data exchanges are also undergoing development to both streamline processes and bolster the safety standards for users. And while many banking and finance firms, fintechs, and third parties have already adopted methods to share their user data in a controlled way via APIs, many still rely on screen scraping to collect user data. 

In this article, we’ll explore the differences between screen scraping and API-based data access and explain why Akoya is fully committed to API-only connections. 

What is screen scraping? 

Screen scraping is a data access method where an aggregator logs into an online service, such as a banking portal, with a user’s account information or login credentials (e.g., personal banking username/password), as if they were the user.  

The technology works by allowing users to provide their credentials to a third-party application, typically directing a user to a login screen resembling their banking or financial institution’s website. A bot is then sent by the third party to log in to the bank’s website on behalf of the user to “scrape” and store all available account information. The third-party application then shares the extracted information with the aggregator, who also stores that data. 

Screen scraping, while common, can sometimes lead to issues with data integrity, negative user experiences, and high website traffic. When screen scraping occurs, user credentials are being held externally by non-authorized (and potentially unregulated) third parties, with no ability to manage who is accessing this data. This can allow sensitive data to be resold and accessed beyond what each user permitted, even when the application is deleted. A study done by The Clearing House in 2021 found that 80% of fintech users are largely unaware that applications use third-party data aggregators to gather users' financial data. Moreover, some websites may be slow to scrape, or block screen scraping entirely, meaning a fintech’s website and user experience are negatively impacted. Now is a better time than ever to eliminate screen scraping as a data exchange method. 

What is API-based data access?

An application programming interface (API) is a dedicated set of functions and procedures that allow applications to talk to one another. Many financial institutions have developed and implemented APIs to provide a viable alternative to screen scraping for financial data access. By acting as an intermediary for websites and software to communicate and exchange information, APIs can be used for secure data sharing without the need for the user’s credentials and account numbers. This enables all members of the ecosystem, including end-users, to have greater data oversight, control, and transparency. 

How Akoya uses API-based access 

At Akoya, we aim to transform the way users provide access to their data with increased security, privacy, and control over their information. Akoya’s Data Access Network (DAN) enables financial institutions and users to share authorized data with third parties.   

  • A user enters their login credentials directly with the bank and must agree to the level of data requested before access via API is enabled. 
  • Akoya handles all third-party connections on behalf of the bank.  
  • Once a user is authenticated, permissioned data is passed through a single integration with Akoya.  
  • To further de-risk data sharing, API access is managed securely via tokens. After a user consents, access tokens are exchanged in place of the user’s credentials—in the case of an issue, a user can revoke access through their bank or their third-party application by simply invalidating the token.   

Using a passthrough model, Akoya offers considerable risk mitigation as neither login credentials nor non-permissioned data are copied, stored, or exposed. In turn, banks and financial institutions leverage a more secure, scalable, user-consented, real-time data sharing method with guaranteed reliability and speed.   

Our mission is to make accessing and sharing financial data as easy and safe as possible. To learn more, read about our approach to security, or contact us for more information.