Skip to content

The PFM Debate

According to new research from Fiserv Americans prefer to access personal finance management (PFM) tools through banking Web sites, with security concerns trumping the advantages, such as account aggregation, offered by third party providers.

These are very interesting results and demonstrate how security-conscious consumers are, despite the benefits that PFM sites promise. True, a full view of all your accounts in one place via a PFM site gives a useful indication of all assets and how best to manage them, but the threat of losing all those assets through a security lapse is a risk. Those who were polled for this piece of research are right to be worried as these aggregator sites may pose a weak link in the security chain, for example if they aren't PCI compliant or don’t employ sophisticated anti-fraud measures like 'out-of-band' communication and IP Profiling.

There are also other worries for me, as an anti-fraud specialist. One is that the originating banks may not be able to see all the activity performed on the sites so will not be able to build a robust profile of their customers’ activity. On top of this, the behaviour of the sites is often close to that of a trojan whereby log in and page clicks are done rapidly by a script - this could cause a bank to have false alarms of malicious activity on an account leading to disruption of service for the customer.

All of this means that it is vital that customers wanting to use PFM sites take the time to understand the way in which they work and how liability for fraud may shift as a result.

I agree with the George from TowerGroup and I think it will be interesting to see is how financial institutions evolve their current online offerings. If there is a desire from customers for PFM functionality, but not the desire to use PFM sites, perhaps that is indeed where the financial institution can step in.

David Divitt

Fraud & Risk Solutions Consultant