Below is an interesting ad from the J.P. Morgan Chase home page:
They go on to say that you could be responsible for any losses if you do. They say don’t share your login password for Chase.com with third party sites that offer budgeting, managing and other services.
In fact, the user agreement says this:
If you disclose your Card numbers, account numbers, PINs, User IDs, and/or Passwords to any person(s) or entity, you assume all risks and losses associated with such disclosure. If you permit any other person(s) or entity, including any data aggregation service providers, to use the Online Service or to access or use your Card numbers, account numbers, PINs, User IDs, Passwords, or other means to access your accounts, you are responsible for any transactions and activities performed from your accounts and for any use of your personal and account information by such person(s) or entity.
There are two ways to look at their ad, both of which, I think, are valid.
First, if you give out your password to another site, say Mint (I’m not picking on them, it is just a popular aggregation service), that aggregates your financial data, you may well be responsible for any fraud that occurs. If they are hacked, it is your bank account that is at risk. At best, you will have to fight to prove that you didn’t do the transaction. The bank could say that by giving them your password, you authorized them to do whatever they did, so it is your problem (which is exactly what it says in the user agreement). Also, since it was done with your userid, it will be hard to prove that it wasn’t you. The bank could say that someone logged in with your userid and password, that there is no evidence of hacking, so you must have done it.
The second way to look at it is that the bank wants to be your trusted financial advisor. They want you to come to THEIR web site so that they are the center of your financial universe. If you use a third party site, they become much less relevant to you, which will not make them very happy. You might never log on to the bank’s web site yourself ever again. That will make them sad. It also means that their bank could be swapped out with a different bank and it wouldn’t make any difference to you.
I think both points of view are valid.
So what’s a person to do if they do want to use a third party web site to help them manage their financial life? I make these recommendations.
First, of course, research the site as best as you can to make sure that they are reputable, have good security practices, their terms of service don’t make you liable for everything they do – stuff like that.
Second, and likely more important, most banks will allow you to create additional userids to access your account data. Many of them will allow you do grant or revoke permissions to that ID. This means a little more work for you, but we are talking about your money.
If a web site only does reporting for you, they do not need to be able to issue checks or wire transfers. Create a userid just for that site and don’t give it those permissions. If you have another site that does bill pay for you and only needs access to your checking account, only grant it access to your checking account. DO NOT SHARE IDs ACROSS DIFFERENT SITES.
If you have already given out your password to some other site, change your password and then create a new ID for them with the right permissions.
This includes, by the way, if you give your accountant or bookkeeper access to your banking site – give each of them their own ID.
By giving each entity that has access to your money it’s own ID, IF there is a problem, you have a much better chance of figuring out where the problem came from.