Nuts, Bolts And Risks Of Data Aggregation

(NAPSI)—If putting all your financial information online and in one place sounds like a good idea, there are many companies—often called data aggregators—ready to help you organize your financial life. However, before you share your account information and other sensitive financial details with data aggregators, it pays to know how these services operate and how to protect yourself from potential privacy and security risks.

Some data aggregators provide a single place to view a simple snapshot of your overall finances. Others offer financial and tax planning, budgeting, and the ability to track home value and mortgage information. Some provide additional options, including portfolio analysis, advice, credit monitoring, bill paying and more. Depending on the provider and services you choose, you can be charged monthly or annual fees for data aggregation.

You can aggregate information through a nonfinancial organization or add information from outside financial accounts to an existing financial provider, such as a bank or investment firm. In either case, aggregation is possible because you provide the aggregator with the log-in information for your financial accounts. For example, say you want to aggregate and track information from an IRA, a 401(k) account, a savings account and two credit cards, all residing with separate financial institutions. To create a single dashboard, the aggregator will ask you to provide five separate sets of log-in credentials so that it can access each one of those financial accounts.

Your security credentials let the aggregation service grab or “scrape” this data, often daily. Scraping is an automated process involving a code that goes to the chosen account websites, registers using your security credentials, and collects applicable account information.

As an alternative, a growing number of financial institutions offer aggregators an “application programming interface” (API) to transfer data from the financial institution to the aggregator. APIs provide a contractual agreement between the aggregator and the financial institution—and give consumers the ability to authorize access, limit scope, and specify whether fund transfers are permitted.

Many customers appreciate having a single snapshot of multiple accounts. But sharing security credentials for financial account information comes with risks.

• Providing access to your personal financial information exposes you to privacy and security risks, including potential vulnerability to cyberfraud, unauthorized transactions, and identity theft.

• Many data aggregators are not subject to the same regulations that registered financial institutions are subject to, particularly in areas of data privacy and security.

• If the aggregator sells investment products, you might get sales recommendations from that entity.

You can use these tips to help weigh the benefits of aggregation against the risks of sharing your security credentials.

• When you authorize a third party to facilitate payments on your behalf, make sure that payments are making it to the intended destination.

• Read the user agreement. Know what rights you are granting with respect to accessing your financial accounts and using your data.

• Verify that the aggregator will access only the information it needs to provide the desired services to you.

• Understand whether the aggregator has the authority to share your security credentials, data, or access to your accounts with another service provider, partner or affiliate.

• Ask about the cybersecurity policies in place with the service provider and know what you can expect in the event of a loss due to a data breach or unauthorized access.

Finally, do your own online research and due diligence. Look up any reviews, complaints or lawsuits against the data aggregator you contemplate using.

To learn more about how to protect your money, visit the FINRA website at www.FINRA.org/LearnMore.