In an era where digital transformation is reshaping our lives, financial technology, or fintech, stands out as a driver of innovation. Eight in ten Americans use a fintech product to budget, invest, save, or spend with confidence. These digital financial tools appeal to consumers and small businesses because they offer greater control, personalized insights, and better services.
As we mark Data Privacy Week, it is crucial to focus on the role fintechs play in protecting users’ money and personal information and the need to modernize federal policies so that people have a consistent privacy experience. Open banking rulemaking is a step in the right direction, accelerating the transition to guaranteed financial data rights for all Americans, along with appropriate safeguards. Nevertheless, comprehensive federal privacy legislation is needed to ensure consumers and small businesses have equal protection under the law, regardless of where they live and how or when they seek to share their data.
The Fintech Effect: Bringing a Customer-First Mindset to Data Protection
As digitally native companies, fintechs bring an innovative, proactive, and technology-driven approach to everything they do, from product development to fraud prevention, cybersecurity measures, and more. The results are in the numbers: trust in fintech continues to grow, with nearly eight in ten Americans (79%) saying they are comfortable opening a financial account with a fintech provider.
The fintech differentiator means thinking about the user experience throughout all aspects of the product development journey, from embedding advanced measures to fight fraud, like encryption and transaction monitoring, to giving compliance and legal teams a seat at the table from Day One. Here are some examples of fintech companies leading the way in privacy and data protection.
- Leading with Commonsense Digital Security Measures: “Investors are increasingly prioritizing security and privacy practices when selecting an investment partner. We’ve found that it is important to both get the basics right — things like multi-factor authentication, encryption, and transaction monitoring — and also offer investors choices in areas such as the use of biometric authentication or privacy sharing.” – Betterment Vice President of Risk and Infosecurity, Dave Dyk
- Working Hand-in-Hand with Legal, Compliance, and Security Teams: “At Bluevine, our Legal and Compliance and Security teams have substantive roles in the product development and go-to-market processes. Through this collaboration, Bluevine ensures that strong privacy and data protections are incorporated into the design of our products and features. Additionally, we can ensure that ongoing controls, like testing and quality assurance, are seamlessly integrated from the get-go.” – Bluevine Deputy General Counsel, Matt Shaw
- Offering Bank-Grade Encryption for Sensitive Personal Information: “Marqeta takes our role in protecting our customers’ sensitive data very seriously, and this is at the heart of our product development from day one. We incorporate privacy and security reviews in developing our products to address legal and regulatory requirements and build in appropriate safeguards. We maintain bank-grade encryption for sensitive personal information, including cardholder information, in transit and at rest. In addition, funding source payment card numbers (PANs) are not stored on our servers; instead, we only store tokens for these payment instruments. Marqeta creates a dedicated production environment that segregates each customer’s data from other Marqeta programs, helping to adhere to our strict privacy and data protection standards. We’re proud to offer robust data protection in the card issuing space and are continuously learning about new technologies we can implement to better serve our customers in a rapidly changing digital environment.” – Marqeta Head of Privacy and Deputy General Counsel, Meredith Grauer
- Building Tools to Give Consumers Control of Their Data: “Fintech companies like Intuit obsess over ways to give our customers the best online experience while also protecting their information. We work with system architects, cybersecurity teams, product developers, and our privacy engineers, to name a few, to make sure that the systems handle the information correctly, that we’re building tools to give consumers access and control over their data, and that we use the data in the best way possible to improve experiences and make things easier for our customers. We ask ourselves important questions like what would our customers expect from us? Do they understand what data we need from them and why? Have we taken every opportunity to reduce the need to use or keep data that is unnecessary? Are we taking steps to ensure that the data we hold is accurate and protected?” – Intuit Chief Privacy Officer, Elise Houlik
- Promoting Trust Across Our Ecosystem: “Trust is paramount in financial services, and it is at the center of all we do at Plaid. Given our unique position in the fintech ecosystem, we believe it is our responsibility to set a high bar for consumer privacy, help drive industry standards, and ensure consumers know where we stand. Our products enable consumers to securely and seamlessly share data with trusted services to improve their financial health, while understanding and controlling where and how that data is shared. We’re also proud to partner with financial institutions to bolster their own services that give their customers even more insight into and control over their data sharing experience. Prioritizing privacy and security is critical to ensuring consumers can safely unlock the benefits that digital finance can offer, broadening access and options for consumers from all backgrounds.” – Plaid General Counsel Meredith Fuchs
- Giving Consumers More Control and Choice with Secure Payment Tools: “Stripe builds economic infrastructure for millions of businesses around the world to enable them to manage payments and grow their business on the Internet. The CFPB’s open banking rule will help make payments more efficient and inclusive for those businesses and their consumers. Building on regulatory obligations, we provide an easy way for consumers to securely connect bank accounts with a wide range of innovative services while providing clear information, choice, and control. This streamlines payments, reduces fraud, and enhances competition.” – Stripe Global Head of Public Policy and Regulatory Legal, Katherine Carroll
Looking Ahead: Time to Enact National Privacy Legislation
The most recent federal legislation governing how financial institutions treat sensitive data, the Gramm-Leach-Blilely Act (GLBA), was enacted in 1999, before the age of the internet and e-commerce, not to mention the rise of fintech. At the same time, a patchwork of privacy laws at the state level means that consumers and small businesses have different privacy experiences based on where they live or do business. Since 2018, 185 privacy bills have been considered across 46 states, according to TechNet, creating uneven protections, confusion, and uncertainty.
That’s why, as we outlined in our privacy principles for the future of finance, a federal privacy standard is critical to ensure clarity and that consumers and small businesses have equal protection, regardless of where they live. Conversations are ongoing on Capitol Hill to modernize GLBA as part of a broader effort to enact bipartisan privacy legislation and meet the needs of today’s technological moment. These efforts are critical to protect consumers, support innovation, and provide certainty to millions of Americans who rely on digital financial tools to save time and money.