Information security and access to third-party data are at the heart of a dispute between an established financial giant and Venmo, the PayPal-owned payment app that’s challenged big banks.
Customers from Pittsburgh-based PNC Bank have complained in recent months that they no longer can transfer funds to their Venmo accounts. The change disrupted financial transfers, and has resulted in a public back-and-forth between Venmo and the bank.
Venmo has told users to tweet complaints at PNC. In turn, PNC has encouraged frustrated customers to move to Zelle, a Venmo competitor operated by a network of banks.
In an Oct. 29 tweet, PNC’s customer service account said the bank has made a “security enhancement” which “may be causing difficulty when you try to link your PNC [account] with Venmo.” As part of its security upgrade, PNC stopped Plaid, a third-party data aggregator, from accessing PNC customers’ account and routing information, the Wall Street Journal reported.
PNC stopped data collection after determining “multiple different aggregators” had tried subverting the bank’s security controls, executives told the Journal.
PNC customers still can use Venmo by manually entering their account information. But the dustup demonstrates the power major firms like PNC Bank have to influence other, smaller firms throughout their supply chain to harden defenses, or even just change their behavior, in the name of stronger security.
Business considerations might be a convenient part of that calculus, too.
Some 900,000 PNC bank customers, or 14%, rely on apps underpinned by data from Plaid, according to the Pittsburgh Post-Gazette. The startup, valued at $2.7 billion at its last funding round, also connects U.S. bank customers to financial services like Robinhood, Coinbase and Gemini. Plaid has said its made the necessary changes to continue working with PNC bank.
It’s not just PNC Bank that’s tried to influence other business, though, whether for competitive or security reasons. Third-party security assessments quietly have evolved in recent years as high-profile data breaches, like the 2013 incident at Target, which began with an HVAC vendor, have forced more companies to recognize an outside vendor’s failure to protect sensitive data could provide hackers with a gateway into their own systems.