In the past year, it’s a deal about one-third of us made: We handed over our bank data to a fintech app in exchange for it to help us quickly manage our money or provide some other benefit.
However, it turns out we have some concerns about the very thing we’ve been doing to save us time and money, new research shows.
Roughly, two-thirds of consumers who have bank accounts are “very” or “extremely concerned” about their data privacy when they use non-bank apps for money-related tasks, according to an August report from The Clearing House.
“There’s definitely a high level of concern over the protection of data,” says Dave Fortney, executive vice president of product development and management at The Clearing House. “And these (concerns) are from the people who are doing it.”
What’s the risk?
There’s a reason for these concerns: For the app to work, it needs your bank data. So, there’s a good chance the app will ask you for your bank login credentials to grab your data and do its job. Many in the banking industry view this practice known as screen scraping as risky — not only because you’ve handed over your bank account keys to someone else, but because there are questions around what the app is doing with the data or how much data it took and who pays what if there’s a hack.
Shirley Inscoe, a senior analyst at Aite Group, hopes more consumers are recognizing such dangers of sharing their bank credentials with fintech apps. “First of all, if they are concerned, good,” Inscoe says. “They should be.”
According to the study, most of us using fintech apps are concerned — and the research was conducted before the Facebook-Cambridge Analytica data scandal.
These habits aren’t changing
But let’s be clear: We’re not going back to a time before Mint. Apps are popping up all over the place to help people manage their money, get a loan, pay a friend back and more. We like them.
People who say they are concerned about their data are still using the fintech apps that run on bank data.
Dan Jones, director of information security at fintech company MX, says consumers are realizing that their data is highly valuable. However, he sees the research as evidence that the reward of, say, knowing you’re overpaying for a loan outweighs the risk of supplying an app your bank credentials — especially when the bank isn’t making such features available.
“It’s how consumers understand if they are getting a better deal or not,” Jones says.
Let me do what I want, safely
The research supports that consumers want to use fintech apps, but safely and in a transparent manner. “They want that,” Fortney says.
We’re even asking for more control over our data. The survey found that the majority of us (56 percent) would like to call the shots on which financial accounts and data types a third party can grab, for example.
“People are getting more and more fed up with data breaches, and they want some control of their data,” Aite’s Inscoe says.
The industry is working on giving us what we want. Already, a handful of banks have been publicly announcing partnerships with fintech companies that will help consumers use apps without having to hand over banking credentials, for instance.
Associations and regulators have been involved in the broader discussion, too. In 2017, the Consumer Financial Protection Bureau published non-binding principles on data sharing. More recently, the U.S. Department of the Treasury wrote about some of the dicier issues in its fintech-focused report. Now, The Clearing House is pushing the industry to implement new consumer financial data access controls.
It’s part of a big trend: letting you bank when you want and where you want. And it’s not stopping. As The Clearing House report says: “There is a need for a concerted effort by all stakeholders — including banks, fintechs, data aggregators, regulators, and consumers — to ensure data security.”
However, there are plenty of challenges in moving to a new data-sharing model, including banks rethinking how they guard your assets. Translation: This isn’t going to happen overnight or even by next year.
How to reduce data risks
Yet, we know you’re not abandoning an app you value while the industry sorts out the mess. So, for those supplying bank credentials to fintech apps, there are several simple steps you can take to help reduce some risks:
1. Get savvier on what using a fintech app means
While the research showed we have a general awareness of what is happening when we use a fintech app, it also highlighted a few misconceptions we need to break. For instance, about a quarter of respondents said they would not use an app that stores their bank credentials. The reality, however, is likely different. Data aggregators — the companies pulling your bank data into an app — can regularly sign into your bank account on your behalf when they have your credentials. Also, some of these companies grabbing your data are reselling it. Know that.
2. Read the disclosures before signing up for the fintech app
We know. Read a disclosure? Ugh. But it will help you understand your rights and obligations. Some apps are more benign than others.
3. Be aware of which apps have access to your bank data
While the industry is working on ways to help you know what you shared with whom, the burden is mostly on you for now. So, once you know what apps you have, decide: Are you actually using all of them? Or, is one just sitting there? If the latter, consider deleting it. Also, your bank may have enabled such a feature through its portal. So, check there, too.
4. Update your bank passwords
It’s easy to forget about an app that still has access to your bank data. So, cut off the access by resetting your bank password(s). Yes, that means you will need to update the fintech apps you do use with the new login information. But the hassle cuts out an unnecessary risk.
The bottom line? The industry is working on ways to address your data privacy concerns and theirs. But for now, you’re calling the shots on what fintech app you need to manage your money.
As Fortney puts it: “It’s really up to everyone’s risk tolerance.”