Sharing sensitive information can pose potential privacy and security risks
The Financial Industry Regulatory Authority (FINRA) announced that it has issued an Investor Alert to help consumers consider the risks of sharing personal financial account information and other sensitive information with data aggregators.
Companies that offer financial data aggregation services put information about financial holdings under one roof. The personalized “dashboard,” sometimes called a personal financial management hub or portal, can display investments, savings, insurance policies and credit balances.
To create the dashboard, the consumer usually agrees to provide the aggregator with the login information for all of his or her financial accounts to enable data scraping – an automated process in which code, or a “robot,” goes to the third-party websites, logs in with the consumer’s security credentials, and collects account information.
“Many consumers may like the convenience of having a single view of multiple accounts under one roof,” said Gerri Walsh, FINRA’s Senior Vice President of Investor Education. “But sharing security credentials for financial accounts can come with potential vulnerability to cyber fraud, unauthorized transactions and identity theft.”
The Alert offers consumer tips including:
- Weigh the benefits of aggregation against the risks of sharing your security credentials. Be particularly diligent when you authorize a third party to facilitate payments on your behalf.
- Read the terms and conditions of any user agreement or contract.
- Verify that the aggregator will access only the information it needs to provide the desired service. Be aware that there may be charges for certain transactions and services you choose.
- Understand the aggregator’s privacy and data-security measures.
- Research the accuracy of the scraping algorithms used to collect data from your accounts. To find out, consumers can ask if the aggregator conducts periodic checks to ensure that it is collecting data and using it accurately to provide the required service.
- Check with financial data providers to find out what data, if any, are delivered to aggregators through an application programming interface (API), which is generally considered a safer alternative to scraping.
- Make sure you cancel your account and terminate the access and rights you have granted to the aggregator once you discontinue using the service.