Credit
Debt
Saving & Budgeting
Homeownership
Auto
Retirement
College
Privacy & Security
Personal Banking
Taxes & Income
Privacy & Security

Is it safe to share your data with financial apps?

Save
Close save Added to My Priorities
Print

Know the risks of giving money-management apps access to your banking information

Budgeting and money-management apps and websites are incredibly convenient: they can help you track spending, save and invest, send money to friends and family, pay bills and taxes or just give you a single snapshot of your entire financial picture. However, the ways in which some services collect—and store—sensitive data like your online bank account username, passcode and transaction history could put your personal information at risk.

It’s important to understand how using apps that access your financial accounts—usually through a separate, third-party data aggregator—can increase the risk of data breaches and the ways you can protect your personal information.

What is a data aggregator?

When you use a financial app, you’re usually asked for personal data and banking log-in information so that the app can gather your information to provide its service.

Data aggregators are third-party services that work in the background to supply the app with the specific banking data needed to perform the app’s functions.

The information collected could include a variety of information from your bank or financial institution—accounts, transactions, balances, statements and personal details.

54 percent
Percentage of U.S. banking consumers that used at least one financial app in the past year
Source: The Clearing House, 2019

How is data collected?

Man checking his phone while in livingroom

Whether you realize it or not, when you use a financial app, data aggregators get your information by connecting directly to your financial institutions. You may be asked to provide financial information directly or be prompted to log in to a screen that looks like your banking institution with your online ID and passcode inside the financial app—a process called “screen scraping.” Once you log in, some of your data at that financial institution—including transactions, account balances and personal details—is available to be shared and stored with the app.

Are there risks to sharing account information?

Sharing data, including your usernames and passwords, has risks. Third-party services don’t have to follow the same strict rules banks do when it comes to storing and protecting your financial information—and that could mean a higher risk of your data being breached. It’s important to use caution and ensure that apps you use have appropriate policies and practices to protect the privacy and security of any information you provide, or to which using it could allow access. Key considerations include what type of data will be pulled, how long the data will be stored and how it’s going to be used. You can usually learn more by reading the app’s terms of use or by searching online.

Are there more secure ways to share your account information with a data aggregator?

Many banks are using more secure ways to provide your account information to financial apps. As these new protocols—often called an application programming interface, or API—become available, the need for third parties to store and use your sign-in credentials will be eliminated, and consumers will have more control and transparency over the data being shared. Your financial institution may also offer an online dashboard where you can revoke your permission for any third party to access your account information.

35 percent
of people aged 25-34 are the most frequent users of financial apps
Source: The Clearing House, 2019

What happens if there is a third-party security or data breach?

If you’ve been affected by a data breach, immediately reset your passcodes. Check to see if your information has been compromised by watching for notification from your bank, often by letter or email. You can also get free credit reports from the three major credit reporting agencies. Contact your banking institution to ask about any information that’s being shared with another party.

4 ways to protect your information

Change your account passcodes once every three months or immediately after a data breach.
Use multi-factor authentication, which, in addition to your username and passcode, provides an extra layer of security with a one-time, time-sensitive code before you complete your sign in.
Keep your contact information, such as email and mobile number, up to date with your primary bank.
Check if your bank offers an online dashboard to view and control which third-party services are connected to your accounts.
Close Disclaimer

The material provided on this website is for informational use only and is not intended for financial, tax or investment advice. Bank of America and/or its affiliates, and Khan Academy, assume no liability for any loss or damage resulting from one’s reliance on the material provided. Please also note that such material is not updated regularly and that some of the information may not therefore be current. Consult with your own financial professional and tax advisor when making decisions regarding your financial situation.

Up Next

Contact Us

Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided “as is,” with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.