A system for controlling access to data, includes: one or more interfaces operable to receive an access point deauthorization message, the access point deauthorization message including one or more access point identifiers; and one or more processors operable to: determine an account identifier associated with the access point identifier included in the received access point deauthorization message, and deauthorize an access point identified by the received access point identifier from accessing the financial account associated with the determined account identifier associated with the received access point identifier.