Banks fear legality of Web aggregation

The launch of an account aggregation service by Internet bank Egg, this week, was overshadowed as two highstreet banks quickly...

The launch of an account aggregation service by Internet bank Egg, this week, was overshadowed as two highstreet banks quickly moved to distance themselves from the service after expressing concerns about its legality.

The service, called Money Manager, will allow registered customers to view all their accounts, loans and savings - from various banks - through a single Web site.

Companies offering account aggregation services need customers to supply the passwords to their other accounts, allowing the aggregation provider to "scrape" account information together for display on one Web site.

At the launch of its service Egg listed nearly 20 UK banks that would appear in Money Manager. However, both Halifax Bank Of Scotland and Abbey National withheld support for Egg's service, citing security and data privacy concerns.

Abbey National said it was assessing the service and added that it had not given Egg permission to aggregate Abbey National customer data.

Aggregation services have been dogged by legal uncertainty. Last year Egg and Virgin Money decided to delay the roll-out of account aggregation services in response to fears that they may breach data protection and security laws, including the Data Protection Act 1998 and the Computer Misuse Act 1990.

Confidence in aggregation services was also further knocked last year when industry watchdog the Financial Services Authority warned businesses and consumers that its current powers did not extend to regulating the new single-view services. In order to boost consumer confidence, clearing organisation Apacs set up a working group which has published best practice guidelines.

Egg claimed this week that it had informed the main banks of its plans and given them time to raise any concerns, and that its legal advice indicated that Money Manager complied with the Data Protection Act.

The account aggregation service was secure because a customer's personal security details are encrypted on their own PC, whereas under the original plans the data would have been stored on an Egg server, the company said.

A script downloaded on to the customer's PC automatically "screen scrapes" information from their other accounts when the aggregation service is requested.

Read more on IT risk management