Early this week the Wall Street Journal claimed Facebook was sounding out major US financial institutions over the possibility of accessing customers' banking information as a means of offering them 'new services', such as fraud alerts and instant balance checks directly within Facebook Messenger.
The social network was reportedly in discussions with PayPal, Citibank, JPMorgan Chase, Wells Fargo and American Express, among others.
Facebook issued a statement shortly after to clarify that "we're not using this information beyond enabling these (customer service) types of experiences. A critical part of these partnerships is keeping people's information safe and secure."
"The idea is that messaging with a bank can be better than waiting on hold over the phone," the company spokesperson added.
The more surprising thing should be that anyone was shocked at all, as Facebook continues to look for new ways to keep customers engaged on its platforms.
Facebook has already had limited success in this area too, striking a deal with PayPal in October 2017 to allow Messenger users to transfer money, track transactions and shipping updates.
These reports caused a predictable groundswell of consternation and derision on social media, until the second wave of articles arrived to clarify that Facebook didn't want transaction data as a means to enhance its advertising algorithms, but rather for offering new services on top of that data, which would presumably only be possible with that customer's permission.
In short: this sort of service would be opt-in and Facebook has unequivocally said it won't be harvesting the data to enrich its advertising algorithms.
Facebook isn't the only internet giant looking to provide users with access to their banking information via additional channels. Banks like Capital One have been building Alexa skills for Amazon's voice assistant so customers can ask the device what their most recent transactions were, and how much is left in their accounts.
Why the outcry?
As the WSJ reported: "Data privacy is a sticking point in the banks' conversations with Facebook, according to people familiar with the matter. The talks are taking place as Facebook faces several investigations over its ties to political analytics firm Cambridge Analytica, which accessed data on as many as 87 million Facebook users without their consent."
A lot of this initial reaction will be, justifiably, driven by these recent data sharing scandals that have hurt Facebook's credibility. In the aftermath of the Cambridge Analytica scandal it is natural to ask: 'if I can't trust you with the results of a quiz I did five years ago, why would I trust you with access to my financial information?'
This concern was enough to convince one large US bank to halt discussions with Facebook, the paper reported.
It's also safe to assume that the value proposition here is heavily weighted towards Facebook while the risk, if this data was to be misused, falls uncomfortably on the shoulders of the bank itself.
Open banking and PSD2
The introduction of the Revised Payment Service Directive (PSD2) and open banking earlier this year marked significant changes to financial regulations in Europe and the UK respectively, signalling that these kinds of financial data sharing mechanisms are likely to become the norm.
Both pieces of regulation force the big banks to open up customer data with a set of standardised, secure APIs, allowing customers more control over who they share their transaction data with to power new services, such as account comparisons, or to get credit approval without having to file paperwork. In these cases it's up to customers to decide which third parties they trust enough with their data.
Under these regulations Facebook wouldn't have to cut a deal with each bank to provide these services, they could simply build a service that accesses this information via the public API and try to convince customers to opt in.
So, the outcry to this report highlights two things: Facebook has lost a great deal of public trust, and that there needs to be a secure industry standard for sharing financial data with third parties. The EU and UK are on the way to creating that - will the US follow suit?