Know the risks of giving money-management apps access to your banking information
Is it safe to share your data with financial apps?
Budgeting and money-management apps and websites are incredibly convenient: they can help you track spending, save and invest, send money to friends and family, pay bills and taxes or just give you a single snapshot of your entire financial picture. However, the ways in which some services collect—and store—sensitive data like your online bank account username, passcode and transaction history could put your personal information at risk.
It’s important to understand how using apps that access your financial accounts—usually through a separate, third-party data aggregator—can increase the risk of data breaches and the ways you can protect your personal information.
What is a data aggregator?
When you use a financial app, you’re usually asked for personal data and banking log-in information so that the app can gather your information to provide its service.
Data aggregators are third-party services that work in the background to supply the app with the specific banking data needed to perform the app’s functions.
The information collected could include a variety of information from your bank or financial institution—accounts, transactions, balances, statements and personal details.
Percentage of U.S. banking consumers that used at least one financial app in the past year
Source: The Clearing House, 2019
How is data collected?
Whether you realize it or not, when you use a financial app, data aggregators get your information by connecting directly to your financial institutions. You may be asked to provide financial information directly or be prompted to log in to a screen that looks like your banking institution with your online ID and passcode inside the financial app—a process called “screen scraping.” Once you log in, some of your data at that financial institution—including transactions, account balances and personal details—is available to be shared and stored with the app.
Are there risks to sharing account information?
Sharing data, including your usernames and passwords, has risks. Third-party services don’t have to follow the same strict rules banks do when it comes to storing and protecting your financial information—and that could mean a higher risk of your data being breached. It’s important to use caution and ensure that apps you use have appropriate policies and practices to protect the privacy and security of any information you provide, or to which using it could allow access. Key considerations include what type of data will be pulled, how long the data will be stored and how it’s going to be used. You can usually learn more by reading the app’s terms of use or by searching online.
Are there more secure ways to share your account information with a data aggregator?
Many banks are using more secure ways to provide your account information to financial apps. As these new protocols—often called an application programming interface, or API—become available, the need for third parties to store and use your sign-in credentials will be eliminated, and consumers will have more control and transparency over the data being shared. Your financial institution may also offer an online dashboard where you can revoke your permission for any third party to access your account information.
of people aged 25-34 are the most frequent users of financial apps
Source: The Clearing House, 2019
What happens if there is a third-party security or data breach?
If you’ve been affected by a data breach, immediately reset your passcodes. Check to see if your information has been compromised by watching for notification from your bank, often by letter or email. You can also get free credit reports from the three major credit reporting agencies. Contact your banking institution to ask about any information that’s being shared with another party.
4 ways to protect your information
Change your account passcodes once every three months or immediately after a data breach.
Use multi-factor authentication, which, in addition to your username and passcode, provides an extra layer of security with a one-time, time-sensitive code before you complete your sign in.
Keep your contact information, such as email and mobile number, up to date with your primary bank.
Check if your bank offers an online dashboard to view and control which third-party services are connected to your accounts.
Up Next
Contact Us
-
We're here to help. Reach out by visiting our
Contact page or schedule an appointment today. - Schedule an appointment
Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided “as is,” with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.
