Is It Safe To Share The Password To Your Bank Account With An App?


September 22, 2018 | October 27, 2018 | Eleanore DigitalDeath
Click here to view original web page at www.huffingtonpost.com

Using one of the popular personal finance apps intended to help you manage your money requires a step that causes some people to pause: when the app or site asks you for the passwords to your bank accounts and credit cards.

How safe is it really to turn over the password to the Bank of You? Aren’t we all constantly advised to do just the opposite, as in, don’t ever give anyone your password to anything or you will be inviting digital death and destruction?

We live in an era of data breaches, identity theft and online fraud. Heck, we’ve even cautioned against posting something as innocuous as your mother’s maiden name on Facebook because you’d be giving away the answer to a popular bank security question.

But platform developers and managers of these personal finance apps say they need your confidential information in order to help you manage your money. They promise they can find ways to reduce your bills, help you pay off debt, sock more away in savings, and learn how to invest wisely. Plus, they promise to protect your private data with multiple layers of encryption and security best practices.

Online security experts have strong thoughts about the wisdom of giving out your personal security information to third parties. It’s a game of “who do you trust?” they say. And, as with every online platform we use, it’s a matter of balancing the risk you’re taking against the potential reward.

And yes, there is undeniably a risk.


Find the sweet spot.

If a platform is claiming it is unhackable, well, just run, said Stephanie Carruthers, a “white hat” or ethical hacker known as Snow, whose clients include Fortune 100 companies as well as startups. Nothing is unhackable, she said.

While Snow recommends against any money-management platform that asks for your security information, she told HuffPost that “most of these apps have value and can be beneficial.”

The trick is to find the sweet spot, where the benefit justifies the risk. Carruthers suggested reading an app’s terms of service agreement to know how the information you provide will be used and the responsibility of the data collector. In other words, if the information you provide is compromised, what risk is there to you and your money?

Ilian Georgiev is a co-founder of HiCharlie, a relative newcomer to the personal finance management-by-app niche. He compares using his platform to the level of trust we already show when we shop on Amazon or anywhere else online. “Each time you hit the order button and implicitly believe that what you ordered will actually be delivered, you are showing trust,” he said.

For a business like his, Georgiev told HuffPost, a security breach would be the kiss of death ― an end to the company. Financial management platforms use multi-level security protection steps, he said, because to do otherwise would flirt with disaster.

So when you give HiCharlie your bank information, no live person ever actually sees it, he said. The service cannot move your money or transfer it out of your control to another account. The real-world equivalent, he said, is that someone gets into your trash can and finds a bank statement that doesn’t have your name on it. They would see a transaction record, but not know whose it is.

Georgiev said that a user’s bank credentials (e.g., username and password) never go through HiCharlie’s system, which only gets a list of a user’s transactions that is stored using bank-level 256-bit end-to-end encryption, in anonymized encrypted databases, with very strict access controls.

When you enter your bank credentials, you are actually doing so on a form provided by a third-party bank data aggregator called Plaid. It’s a system used by most personal finance apps, like Venmo, Robinhood and Acorns. Plaid, in turn, is trusted by a long list of banks and credit unions. HiCharlie never sees your bank credentials; Plaid does. HiCharlie simply gets bank transaction logs from Plaid, Georgiev said.

But some apps do store user credentials. Acorns, which rounds up your spending transactions to the nearest dollar and banks the difference for you, does get permissions to move money on behalf of the customer.

Still, trust is hard, Georgiev acknowledged. He and his co-founders posted their photos on HiCharlie, as well as the names of the investors who backed them with a list of other ventures those investors previously were associated with.

It’s intentional, Georgiev said. “We want people to trust us. And so we put our faces out there.”

Zouhair Belkoura, founder of the privacy protection suite of apps known as Keepsafe, suggests that before using a personal finance management platform, people should take a hard look at how far the platform is willing to go to stand behind its safety claim.

“Does the service apply the same rigor as a bank to ensure that if fraud or a breach does occur, it will ensure customers are made whole?” Belkoura asked.

The short answer to that last part is probably not. Most don’t. If the platform is hacked and your money misappropriated, the third-party platform will likely not replace it for you. And it’s a point of debate whether your bank will, because the terms of service agreement for your checking account most likely admonishes against giving third-party sites access to your account information. Banks discourage the use of these apps, although some consumer advocates argue that’s because banks just want to be able to market products to you directly and don’t appreciate another business getting between them and their customers.

Banks themselves are protected by the FDIC, which means that if your bank collapses, the federal government insures the money you held in your accounts up to $250,000. Apps and digital platforms, on the other hand, have no such government-backed protection unless it’s an investing app.

Eva Velasquez, president and CEO of the Identity Theft Resource Center, boiled it down to this: “Anytime you share your sensitive PII [or personally identifiable information] with new entities/organizations, you increase your risk surface. The more information you share, and the more organizations you share it with, increase your chances of that information being compromised in some manner.”

Velasquez noted that who you deal with matters. “There are plenty of bogus apps and sites that exist solely to collect your PII and steal your identity, as well as legitimate sites that offer a useful service and have best practices in place,” she said, suggesting that people check third-party reviewers like the Better Business Bureau, organizations such as the National Cyber Security Alliance and her Identity Theft Resource Center for information to help them decide if the risk is worth it.

Know what apps can actually do with your data.

But the internet and e-commerce are filled with risks, aren’t they? Doesn’t this come with the turf?

Catalin Cimpanu, who covers security news for Bleeping Computer, says that as a blanket rule, “giving your password to any third-party is a seriously bad idea.”

“And if I’ve learned anything, it’s that finance management apps are really bad at security,” Cimpanu told HuffPost.

Still, since most banks use multi-factor authentication, your information isn’t stored within the third-party’s interface, and there can be no money transfers without permission, would a data breach really be the end of the world?

By federal law, your maximum liability for credit card fraud is $50. If you report your card lost or stolen, the credit card company generally will close the account pronto and not hold you liable for any fraudulent charges. So you are pretty much safe if someone starts to charge up a storm with your card.

Similarly, money stolen directly from a bank account via a bank transfer is also covered, by Federal Reserve Regulation E, which implements the Electronic Funds Transfer Act. If you indicate that you never authorized a transfer, you will get your money back. Georgiev noted that in practical terms, this type of “hacking” ― stealing money from a bank account ― is a very bad idea.

“Thanks to KYC and AML regulations, there is a detailed paper trail on a global scale. The people responsible will get caught and/or lose access to the funds,” Georgiev said, adding, “That’s why you never really hear of hacks where massive amounts of people lost their bank account funds.”

If funds are stolen from your bank account, would you just have to eat the loss? Chase, Capital One, and Fidelity state on their sites that if you share your information with a third party, you may be on the hook for stolen money. But others disagree. One legal expert told Reuters that the law releasing banks from liability when customers deliberately give power to transfer funds to a third party, such as a family member or business partner, is different from giving credentials to Mint or another money management site that will use them simply to monitor and record the account activity.

Plus, there are laws that limit your liability from theft from your bank account if you report it in a timely fashion. All of which is to say welcome to 2018, where everyone needs to check their bank account every day to protect against fraud.

