August 10, 2021

How External Corporate Cards Link To The Ottimate Card

by Lenny DeFranco

In June 2021, Ottimate launched The Ottimate Card, an expense management platform designed to meet the non-invoice AP needs of our customers.  

As a spend management and corporate card portal rolled into one, the Ottimate Card allows users to issue their own cards, manage expense reimbursements, and earn cash back on vendor payments. Today, dozens of businesses are issuing their very own Ottimate Cards for spend management.

The Ottimate Card also lets users connect external cards, which means you can manage all your corporate cards on the same platform. With Ottimate Cards, card data shows up in the system natively. It is the home of those cards’ data. For external cards, getting the data is a little trickier.

Actually, it’s a story with some intrigue. Card data is one of the front lines in a pivotal battle for data ownership. Essentially, your data is being held hostage by your financial institutions.

It may be hard to believe, in our always-connected world of APIs and seamless integrations, but it’s true. In the process, this state of affairs has attracted the attention of activist groups, governments, and consumers.

Up to this point in time, the strange tale you’ll see below has been the will of the financial services industry. The day things change, Ottimate will be first in line to give our customers access to their own card data.

For now, this is the state of play regarding credit card data in the US.

How Ottimate gets your credit card data 

Credit card data lives in a complex ecosystem. What feels like a simple swipe at the counter is actually an exchange between multiple entities. Every credit card transaction generates fees that are shared between a handful of entities. Within the card industry’s owned infrastructure, in other words, financial data is highly portable.

Getting that data out is the tricky part. When you or your employer decide to use apps that require your credit card feed, like Ottimate, our software sometimes has no direct way to plug into your bank and retrieve your data. In those cases we get it from a third-party aggregator, which is a separate company whose software logs in to your bank, takes a snapshot of your card activity, and passes that data securely to us.

This exchange is very safe. Using third-party aggregators is an industry standard, used by all your favorite financial technology. But the normalcy of this system is actually the entire problem. We would love for your credit card data to be available in a more stable way. Much of the time, it is not.

Screen scraping for card data

Credit card transactions can be exported from card issuers in many ways. The best of these is a direct connection, usually only possible when a financial institution directly engineers an API for enterprise-level customers to transmit information into authorized software. Direct connections very rarely suffer from technical issues, like incorrect or incomplete syncs.

This system works great — for enterprises. 

Unfortunately, banks don’t cater to all customers with the same high-quality data that they give to enterprises. Everyone else has to deal with workarounds that provide no direct data exchange.

That has led to the rise of data aggregators: companies that specialize in a workaround known as “screen scraping.” This method uses software to access your financial institution’s website and extract the data found on your transaction history, using login credentials you’ve provided to them. As long as the screen scraping software is able to read the information on the page, the aggregator will export the card data to whatever software you want. Think of screen scraping as a computer literally imitating you in order to log into your bank account and take a picture of what it finds.

All you need to do is offer login credentials and provide permission to access your account.

Screen scraping only works when the software can read the information after the gated login. Any time your bank updates its web interface, the screen scraping software can stop working, because it was designed to scrape the previous iteration of the site. Two-factor authentication and pop-up ads can also complicate things for screen scrapers and cause data exchanges to stall or fail.

This is why customers sometimes see incomplete or incorrect information when they manage all corporate cards through Ottimate. Our software sometimes has no direct API connection, so we depend on screen scraping technology to gather the information you need in one place.
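To make that failure mode concrete, here is an added example (not Ottimate's or any aggregator's code) of a scraper tied to one page layout, with a completeness check that flags a short sync instead of passing it along silently. The sample pages, the `txn` row class and the `data-txn-count` attribute are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample pages (not from any real bank): the same two transactions
# before and after a hypothetical redesign that renames the row class.
OLD_PAGE = """
<div id="summary" data-txn-count="2"></div>
<table>
<tr class="txn"><td>2021-08-01</td><td>ACME SUPPLY</td><td>-42.10</td></tr>
<tr class="txn"><td>2021-08-02</td><td>CITY PARKING</td><td>-8.00</td></tr>
</table>"""
NEW_PAGE = OLD_PAGE.replace('class="txn"', 'class="activity-row"')

class TxnScraper(HTMLParser):
    """Collects cell text from rows marked class="txn", plus the page's stated count."""
    def __init__(self):
        super().__init__()
        self.rows, self.expected = [], None
        self._row = None       # cells of the row being read, or None outside a row
        self._in_td = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "div" and a.get("id") == "summary":
            self.expected = int(a["data-txn-count"])  # assumed attribute
        elif tag == "tr" and a.get("class") == "txn":
            self._row = []
        elif tag == "td" and self._row is not None:
            self._in_td = True

    def handle_data(self, data):
        if self._in_td:
            self._row.append(data.strip())

    def handle_endtag(self, tag):
        if tag == "td":
            self._in_td = False
        elif tag == "tr" and self._row is not None:
            self.rows.append(tuple(self._row))
            self._row = None

def sync(page):
    """Return (status, rows); status is 'complete', 'incomplete' or 'failed'."""
    scraper = TxnScraper()
    scraper.feed(page)
    if scraper.expected is None:
        return "failed", []    # summary element missing: layout not recognised
    ok = len(scraper.rows) == scraper.expected
    return ("complete" if ok else "incomplete"), scraper.rows

if __name__ == "__main__":
    print(sync(OLD_PAGE)[0], sync(NEW_PAGE)[0])
```

Without the count comparison, the redesigned page would produce an empty but apparently successful sync, which is how missing transactions reach a downstream ledger unnoticed.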

The errors are only temporary. Screen scraping developers can update the software quickly to meet the new design of the financial institution, and a quick reauthorization can help you start to sync transactions again. But it doesn’t make it any less annoying to deal with, and it certainly doesn’t mean it’s the best solution for the people and non-enterprise businesses who want to manage their spend.

Why is screen scraping the norm?

Individuals and small businesses don’t like screen scraping because it’s an incomplete workaround, as described above. But financial institutions don’t like it either, warning customers that they may be providing private data to other entities that may compromise important financial information. So why is there a stalemate?

It’s likely that banks just don’t believe the cost of building a direct API for lower-tier customers would be worth the new business they may obtain. That view may be based on internal data, or banks may assume that smaller customers choose credit cards for benefits other than data synchronicity. The third-party aggregators and screen scrapers might be annoying to the credit card companies and banks, but they’re also fulfilling a service that financial institutions see no benefit in pursuing.

The push against direct connections might also come from a need for card-issuing banks to retain power over a new guard of fintech companies that are unbundling services that the big players depend on selling together. More direct connections would mean more power to these smaller startups, and the continued disruption of financial services.

Will we have to live with screen scraping forever?

Financial service entities have been debating direct access to credit card data for almost 20 years now. Industry trade groups have come up with many different proposals to replace the practice, but none have succeeded in becoming universal.

The closest we’ve come to open data access and interchange came in 2018 with the General Data Protection Regulation (GDPR) law going into effect. This massive privacy law for the European Union codifies the duty of companies to store data exclusively at the request of customers. Even after Brexit, the United Kingdom decided to uphold its own version of the GDPR.

Initially, it was thought that these trends in the rest of the Western world would take hold in the U.S. After all, it’s becoming clear that modern consumers are demanding more modern ways of accessing and sharing their financial data. Some U.S. banks launched business-tier card APIs, but that can hardly be considered a turning point, especially as the rest of the industry is willing to put up a fight against open data access. Early 2020 found major financial institutions, including PNC Bank and J.P. Morgan Chase, placing a tighter grip on their customers’ data. In some circumstances, third-party access was denied entirely.

Later in the year, the Consumer Financial Protection Bureau (CFPB) officially announced its plans to explore the regulation of open banking once and for all. The goal is to remove some of the confusion and conflicting information in financial industries surrounding who can access which data—and assess the transparency of current market practices.

But until the CFPB officially releases and implements its findings, third-party data aggregation remains the best solution for U.S.-based banks and businesses to exchange credit card data. Ultimately, anyone who uses credit cards and depends on financial institutions will need to demand and drive the change toward direct API connections. 

As we wait for the tide to turn, Ottimate will continue educating you with the financial news and information you need for streamlined, secure hospitality accounting. Be sure to check our blog frequently for the latest industry updates.
