The world’s eyes were opened to the immense damage and knock-on effects of data breaches and misuse of personal information thanks to the whole Facebook-Cambridge Analytica data scandal in 2018. Since then, data security and privacy has been at the top of everyone’s mind. According to a recent report, India ranks sixth among countries with the highest number of data breaches since 2004. With this backdrop, it might seem counterintuitive to willingly share your data. More so when it comes to something as sensitive as your financial data.
We’re bringing this up because Fi’s Connected Accounts feature asks that you share your financial data with us. And we understand that you may have very reasonable apprehensions towards taking such a step. So, in the spirit of transparency and no hidden T&Cs, we would like to directly address these concerns.
First, let’s clear the air on Connected Accounts for the uninitiated. It’s a feature we’ve developed using the RBI’s Account Aggregator (AA) framework. Just like UPI enables the transfer of money directly between bank accounts, the AA framework enables the transfer of financial data between banks. This is what allows you to link multiple other bank accounts with the Fi app.
Overall expenditure tracking and a comprehensive view of your total bank balance are just some of the benefits that Connected Accounts can provide. It can give you a clearer picture of your finances and help you make better and more informed financial decisions. And to take advantage of these and other numerous benefits, we request that you share your financial data with us.
Now, we wouldn’t ask you to share your data unless we were sure about the security measures in place. Some of these measures have been built into the AA framework by the RBI while we’ve added some of our own to just be extra sure. So, let's take a peek under the hood to see what’s going on.
There are four main stakeholders within the AA framework. The first and most important is you, of course. You are the starting point, producing financial data with every transaction. Then there’s the banks. Since your financial data is stored with banks, they become financial information providers on the AA framework. Third are financial information users like Fi, that use the information from your bank to provide you with a range of services. And finally, there are RBI-licensed account aggregator companies that provide the technology through which your data is shared between banks and other financial firms on the AA framework.
You can think of account aggregators as pipelines with the banks on one side and Fi on the other. You certainly trust your bank to keep your financial data safe while it's with them. And to ensure that this information is safe while travelling through an account aggregator, it is encrypted so that no one but the intended recipient can make sense of it. Also, as per RBI rules, an account aggregator cannot store any financial data and can only facilitate the transfer of data.
Over at the other end of the pipeline, Fi receives the data in encrypted form and it is deciphered only after it is within our secure environment. This is done with a decryption key that only we have. Beyond this, Fi has its own app controls in place to make sure no one else can fraudulently access this information on your phone. You can only access the Fi app if you are logged in using your registered mobile number provided that the SIM card associated with this number is present in your phone and the phone is logged in to the gmail ID you used to register on Fi.
So, you can rest assured that your data is safe throughout the process.
A lot of apps, especially in the money management category, are known for requiring excessive permissions. You have to grant permissions for everything from SMS, call and contact data to even full device access in one extreme case. And they give almost no reasonable justification for why and how this data will be used.
The RBI wanted to give power to the individual user and ensure that they had complete control over their data. And from this objective came the consent-based architecture that defines the AA framework. What it means is the entire data sharing process is dependent on your consent. A bank or any other financial firm cannot share your information on the AA framework without getting your explicit consent first.
Not just that, you can decide what data is shared, with whom it is shared and for how long it can be shared. You can also revoke your consent at any time in the process. While linking your alternate bank accounts with Fi, we show you exactly what details you will be sharing with us, the period for which it will be shared and the purpose for sharing these details.
So, if you decide to share your data, share it the Fi way.
