Protecting Member Data From Third-Party Aggregator Services


Members are increasingly turning to personal finance services—including Dave.com, RobinHood.com, CashApp, and countless others—to help them manage their money. Some services link directly to a members’ credit union account, allowing them to monitor their spending or pay bills online. Other services aggregate personal financial information in real-time, consolidating member data from multiple accounts like credit cards, loans, savings, checking, and retirement, in one place. For these services to work, your members must freely give them their digital banking login credentials. These services then automatically log in to your members’ digital banking accounts to pull account information and conduct transactions and do so without warning or regard for the systems they are accessing.

While financial aggregator services may provide members a platform for viewing and working with all of their accounts, members should be reminded that anytime they provide a third party their banking account numbers, passwords, usernames, or answers to online security questions they increase the risk of having their financial information breached. A recent breach at Waydev affected 7.5M consumers, some of whom may be your members. The bad actors behind that breach may now have access to home banking credentials for millions of accounts.

One of the most important protective measures your members can take is to change their digital banking logins regularly. Reminding your members to change their passwords is something that should be done on a regular basis. To assist you with this type of communication, the League has created a sample message you can share with your members. This reminder can serve as good content for credit union newsletters, e-blasts, and social media.

If you need additional assistance communicating on this topic, email Jen Burke, League Public Affairs & Communications Manager at jburke@mainecul.org.

Sample Credit Union Communication to Members:

Are you using a personal finance app to help manage your money? If you are, you aren’t alone.

Consumers across the country are increasingly turning to apps like Dave.com, RobinHood.com, CashApp, and countless others to monitor their spending. While these apps may provide a platform for viewing and working with multiple accounts, they also increase the risk of having financial information breached. In fact, a recent breach at Waydev affected 7.5M consumers.

If you are leveraging any of these tools, there are some important steps you can take to protect your personal information.

  1. Examine the terms of service for apps you are using.
    • Review the app’s data retention policies and determine whether the app resells your information.
  2. Find out what security features the app offers to ensure your personal information remains safe.
    • Look for things like two-factor authentication.
  3. Always confirm the validity of the app.
    • Don’t provide your account numbers or any personal or financial information on the phone or online unless you initiate the conversation and you know the organization.
  4. Change your passwords and security settings often and use a highly secure password for your financial accounts.
    • Secure passwords often contain letters, numbers, and special characters.
    • Avoid using the same username and password on multiple sites.
    • Guard your pins and passwords. Don’t store them on your phone or write them down in a location where others might be able to access them.
  5. Change your credit union and other account passwords if you want to remove an app’s access to your accounts.
  6. Contact us right away if you feel your information has been compromised!

Always use extreme care when using third party apps. The more services you sign up for and the more devices you use provides criminals additional opportunities to steal your information for their personal gain.