Skip to content
Go to Home Page
News

Chase tightens customer data security on third party sites

Articles
Carissa Rawson is a Points and Miles Reporter at TPG, helping readers get to where they need to go, faster (and cheaper). You can find her in your nearest Priority Pass lounge, sipping free coffee and obsessively researching travel.
Jan. 05, 2020
2 min read
credit card CVV2 code online payment security
Chase tightens customer data security on third party sites
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.
Sign up for our daily newsletter

If you're like many of us here at TPG, you likely have a third-party app that tracks your account balances, free night awards and various credits for each of your rewards programs. For me, that means Award Wallet is my go-to website for managing all of my (many) accounts, though there are dozens of choices out there.

Now, it looks like it may become a bit more difficult for these websites to gain access to your information. According to the Financial Times, Chase is set to ban fintech apps from accessing your accounts via password. This includes companies like Award Wallet, which scrapes your account for balance information in addition to providing automatic logins to the website.

Sign up for the free daily TPG newsletter for more travel tips!

This is a move to make your accounts more secure, as current methods allow third parties complete access to your account. And while these third parties (hopefully) are not exploiting that data, handing over your password leaves your account vulnerable, as noted in a shareholder letter by Chief Executive Jamie Dimon. "Many third parties sell or trade information in a way customers may not understand, and the third parties, quite often, are doing it for their own economic benefit — not for the customer's. Often this is being done on a daily basis foe years after the customer signed up for the services, which they may no longer be using," said Dimon.

Unlike other companies that have outright banned third-party permissions, however, Chase will be looking to use a token-based system to allow these companies access. The token will allow limited information to come through to the third party, rather than complete access to your account information.

Companies are already jumping on board, with information aggregator Yodlee moving to token-based access, while Plaid (which connects to many other personal finance websites) has also signed up to start using tokens.

What does this mean, in practicality? It shouldn't mean much, to be honest. Though you'll lose the ability to automatically log in, it should be well within the scope of a token to provide reward balance information, which means your balance tracking apps should continue to work just fine. Even better, you can rest easy knowing your information will be secure.

Featured image by Getty Images/iStockphoto