Is account aggregation for you or your client?
by Andrea Page, 09 Jan 2003. Topic: Personal Finance

If you bank, trade shares or pay bills on-line, an overview of all these accounts at one site, accessed with one password and totally free, is a powerful concept. Andrea Page questions whether on-line account aggregation, as this is known, will catch on in the UK.

Some 100,000 people signed up to Money Manager, Internet and phone bank Egg's aggregation service, in its first four months. On average, people aggregate three accounts, particularly current, deposit and credit card accounts. Users see 'asset' products on one side of the screen and 'debt' products on the other, with a total balance for each plus individual account balances. Only accounts that can be accessed on-line are eligible.

Egg users can aggregate accounts from 26 institutions at the time of writing; the bank claims this covers 99% of its customers' on-line financial relationships. They can also move money between accounts in the UK via BACS payments directly from Money Manager.

While Egg focuses on financial products, Citibank My Accounts service users can also collate e-mail, rewards schemes and on-line shopping accounts. You needn't be a bank customer to use it - some 20,000 people have joined over 15 months. 'The best aggregation service gives access to all aspects of your lifestyle,' says Oliver Felstead, Citibank's on-line products manager.

Mobile aggregation services and automatic 'drag and drop' bill payment are feasible additions. 'We're trying to keep it reasonably simple for now,' says Egg spokesman, James Thorpe.

Meanwhile, on-line 'infomediary' Moneysupermarket's long-awaited aggregation service, which will also tell users exactly how much they could save or earn by switching accounts, is due to start imminently. 'Account aggregation will come into its own when you can see better deals and do comparisons,' says Chris Nixon, account aggregation general manager. Initially it will cover credit cards, mortgages, loans, savings and current accounts.

Two other banks are also expected to expand the choice of services. Cahoot, Abbey National's on-line bank, isn't talking launch dates yet, but First Direct, owned by HSBC, is aiming for the first quarter of 2003, initially to existing customers but with the capability to serve non-customers too.

Will the wider UK public embrace the technology? Aggregation has suffered a rough ride so far. Some major UK banks have been publicly hostile to the third party 'screenscraping' aggregation model widely adopted in the US. Users give the aggregator their individual account PINs and passwords, which it uses to automatically 'scrape' information from institutions' systems on their behalf.

Citibank launched with this model in the UK but had to alter it after several UK banks withdrew consent, required by computer misuse legislation, because of their concerns about customers handing security information to a third party. To get around the consent issue, users now initiate the scraping of information from non-consenting banks themselves each time they log-on. But their various PINs and passwords are still stored on a remote vault operated by Yodlee, Citibank's technology partner, and information updates are routed through Yodlee's server.

With Egg's model, users also initiate the aggregation process themselves, but this time via software downloaded to their own PC which effectively just automates their various account log-ins. The software also creates a 'digital safe' on the user's PC, where account PINs and passwords are stored in highly encrypted form. Egg itself merely holds part of the encryption 'key' enabling users to log-on.

So how safe is aggregation? Because Citibank's My Accounts users can get at their information from any PC, someone who obtains their password can also raid all their precious security data. Citibank acknowledges this makes it potentially riskier than standard on-line banking.

Richard Brierley-Jones, managing director of Accountunity, Egg's technology partner, says even if someone steals the user's PC, they couldn't unlock the digital safe without the password and user ID for the aggregation service. However, users are tied to a dedicated PC. Citibank's model, he argues, is theoretically vulnerable to hackers each time users start the aggregation process, at the moment when the aggregator (in this case Yodlee) decrypts account PINs and passwords in order to collect the information from various institutions' systems.

'Yodlee is the leading aggregator globally and, since launch, there's been no security breach in any shape or form,' says Citibank's Oliver Felstead.

First Direct will adopt the Egg-style 'client-side' model, as 'it overcomes regulatory and legal issues and, more importantly, gives customers more confidence,' says Jonathan Etheridge, head of e-futures.

Egg says it would cover losses to accounts where fraud has been perpetrated through Money Manager. Citibank will also cover any losses through fraud and where a security breach is the bank or Yodlee's fault, but not if it's the fault of the individual institution or service user - for example, if you leave the My Accounts password somewhere it can be found. 'We'd want to get to the bottom of any problem and support someone thoroughly in any such investigation,' says Felstead.

Certain major banks still contend that customers signing up for on-line aggregation would breach their terms and conditions, because they have to give details of account PINs and passwords. The Financial Services Authority itself warned people to check their various accounts' smallprint.

Robert Courtneidge, partner in the banking technology group at law firm Osborne Clarke, says most banks' terms and conditions forbid customers to disclose PINs and passwords - and he thinks storing them in an encrypted format that can't be seen or unscrambled by the aggregation service provider itself isn't 'disclosing' them. There may be an argument where the terms forbid writing down security data, because you must tap in account details when you sign up for an aggregation service, and especially so where customers are expressly told not to store it in any media. But under unfair contract terms legislation, Courtneidge thinks it would be unreasonable for a bank to expect customers to remember numerous passwords without writing them down. And storing security data in encrypted format 'would be more secure than writing it down and putting it away in a drawer'.

Any such uncertainty will deter many consumers. Alex Boorman, financial services analyst at Datamonitor, says while some banks appear reluctant to assist the spread of aggregation services, this may partly be a stalling tactic while they develop their own. 'I think it will slowly gather pace,' he says, 'but if some of the major players do launch, it could really take off.' Notably, Lloyds TSB recently tweaked its on-line banking smallprint to permit customers to use aggregation services.

Robert Courtneidge thinks the big four banks may be forced to do something if smaller players like First Direct and Egg successfully use aggregation to lure their lucrative mortgage and loan customers away, and if their own customers start requesting it. 'Then the tide would start to turn,' he says.
