Account aggregation is set to be launched this autumn in the UK by a variety of financial service providers. Already popular in the US, Canada and Australia, it will provide users with an online one-stop-shop to view their internet accounts at banks, mortgage lenders, stockbrokers, fund managers, insurance providers, credit card companies, loyalty cards and other similar services on one screen at the same time.

It means users won't need to remember a variety of pin numbers and passwords to access their myriad of online financial services. Instead, they simply go online and enter one pin and password to gain access to all their accounts.

At one glance, people using an aggregator service will be able to see their net worth – both their assets and liabilities will be set out. Information will be as up to date as if they had gone into each service separately.

Users will be able to manage their resources and time more effectively. There will be better price transparency and, with some services, the ability to perform product comparisons, calculate savings and receive online applications.

US consumers have been using aggregation services for more than 18 months. In a country renowned for its litigation, we are not aware of any major cases involving account aggregation.

The case for the UK
A number of legal questions need to be answered before consumers here can take the plunge and give the go-ahead to one aggregator to hold all their financial information in one basket.

  • If the aggregator uses “screen scraping” to provide the information is this “hacking” and thus a criminal offence? Screen-scraping is where the aggregator uses the customer's pin number to access the service provider's website, with the consent of the customer but with no contract between the aggregator and the service provider.

    It seems this will not affect the customer, as they are unlikely to know access through the aggregator is unauthorised and, as a result, are unlikely to face prosecution. However, the aggregator may be guilty of hacking if it penetrates secured areas of the service provider's site without “consent”.

    To avoid this, it should notify the service provider that it is about to screen-scrape and allow the service provider to have the capability to terminate the action if authorisation is withheld. This gives the aggregator implied consent of the service provider to enter the site.

  • What if the service provider refuses access to the aggregator? As there is no contract between the aggregator and the service provider, the aggregator cannot insist access is allowed, nor can the customer. However, a customer requiring an aggregation service may change their service provider to one that does allow access. This has occurred in the US and the majority of service providers there will now allow access to aggregators.
  • Is there a breach of contract by customers when they give their PIN numbers and passwords to their aggregator? As a result, will they be vulnerable to a total loss if there is a disputed transaction online – remember the phantom withdrawals from cash machines during the 1980s?

    We believe customers will be protected by the Unfair Contract Terms Act 1977 and the Unfair Terms in Consumer Contracts Regulations 1999. Personal liability will, in any event, be limited to £50 for disputed transactions, unless fraud or negligence is proved against the customer under the Banking Code (January 2001). Negligence will be difficult to prove because it is likely the aggregators will hold passwords and PINs more securely than customers. In the event of a substantial disputed transaction, the bulk of the liability is therefore more likely to fall on the aggregator and its agency principal – for example, the bank or internet portal.

  • Will the Financial Services Authority (FSA) regulate account aggregation? No, as it is neither an “authorised activity” nor a financial promotion. Anyone, whether authorised or not, can provide an aggregation service.

    In any case, an aggregator could easily locate outside the jurisdiction of the FSA. However, if any financial advice is given on the back of an aggregation service, this could only be given if the individual is authorised.

  • How do I choose an aggregator and what questions should I ask? You will need to check the aggregator's privacy policy to see how it will use the information that it holds about you. You need to check what steps the aggregator takes to ensure your password and PIN numbers are held securely by checking the aggregator's website for details.

    If there is a security failure and money is lost, data corrupted or private information disclosed, ask who would be responsible for putting things right and compensating for loss. It is best to check with the aggregator and service provider sites.

    At the end of the day, it is likely the aggregator will be a customer's first port of call in relation to any disputed transaction and, as such, a customer must ensure their aggregator has adequate security or insurance in the case of any losses.

    Future will be aggregated
    Account aggregation may well change the way we use our online services – it will speed them up and make them more efficient. Those who do not agree to be aggregated could soon find themselves losing business.

    Customers will soon be faced with a variety of aggregators, ranging from major high street banks, independent financial advisers (IFAs), accountants and, on the technology side, internet service providers, portals, search engines and dedicated software providers who simply provide this service alone. It will be up to the customers to choose the most appropriate aggregation service.

  • Robert Courtneidge is a specialist technology and banking partner with the European City law firm Osborne Clarke.