Skip to main content

What to consider when sharing your financial data

It’s increasingly common for financial services and companies to ask you to share your data. These services connect to your bank accounts, credit cards, or other financial accounts to support many different kinds of functions, including:

  • Offering you tools to help you budget
  • Offering you financial advice
  • Helping you shop for new financial products
  • Helping you send or receive money
  • Helping you save money
  • Verifying your identity
  • Deciding whether to lend you money
  • Helping you improve your credit profile

People are sharing data to help get loans approved, help manage their finances, and save time when signing up for financial services. However, sharing your data can have implications for your privacy and the security of your information.

We put together some key information about how data sharing works, what you should consider before sharing your data, and some tips on how you can best protect your data and accounts.

How does data sharing work?

Data sharing refers to services that access, standardize, and transport your data, with your explicit permission. With new consumer data sharing tools, you are giving permission and access to the company that wants to use your data. For example, if you sign up with a company that offers an app that helps you manage your budget, and you provide it access to your bank accounts and credit cards to combine and analyze data from those accounts, you’re using a service that relies on data sharing.

Different companies and services use data sharing differently. Some companies will use your shared data only once—for example, to verify your identity or get information from your bank when you are opening a new account or applying for a loan. Many services, however, use shared data on an ongoing basis. This includes most apps that help you manage your budget, make payments, and monitor your accounts.

When you share your data, you are often sharing it with at least two companies: the one that’s offering you the service and a separate “aggregator” company that specializes in facilitating data sharing. Generally speaking, the company providing the service usually chooses which aggregator it uses.

Make sure you’re comfortable sharing your data

Before you start using a service that wants to connect to your bank or other financial accounts, follow some simple steps, and use your best judgment, to check that the service is legitimate.

  • Consider how you learned about the service in the first place, and whether you consider that source trustworthy
  • Search for reviews and other indications that a service is legitimate, like positive references in stories by trusted news organizations
  • If you’re accessing the service through an app store or a similar portal, look for credible ratings and reviews that could indicate if a service is legitimate
  • Check whether the service offers a phone number, email address, or other means of getting in touch if you have a problem

Get to know how your data is used

Services should disclose what data they’re using from your accounts and how they’re using it. Currently, there’s no standardized way data usage is disclosed to you, so you should carefully read the terms, conditions, and other information you’re provided. Unfortunately, services may not disclose everything you may want to know about clearly, with precision, or even at all.

If a company that wants to access your data doesn’t give you the information you’re looking for up front, you may want to consider contacting the company providing the service to see if you can learn more. If you can’t get the information you’re looking for, you may have to decide whether you feel comfortable enough to share your data based on what they have disclosed.

With that in mind, here are a few key things to think about when you consider sharing your data:

  • Make sure only the data you want to share is being shared, and that you’re comfortable with how it’s being used
  • Check whether the data you’d be sharing may be shared with third parties, and if you’re comfortable with those third parties having access to your data
  • Look into how often the service will access your accounts
  • Learn how to view and change what data the service is accessing
  • Explore what data the service is storing, and for how long
  • Check whether the service will have the ability to make payments or move money between your accounts, and if so, whether you’re comfortable with the terms of those services
  • Review how to dispute any errors you see in the data, and when applicable, what legal rights you have regarding disputes
  • Make sure you know how to instruct the service to stop accessing your accounts altogether, and when applicable, how to delete the data you’ve shared

Check your information for accuracy

Even in these days of powerful automation, mistakes can be made, and you have a legitimate expectation that your information will be accurate. If you see inaccurate information in a service you’re relying on, it may not be immediately clear where the error originated. As a first step, review your bank or financial institution statements or digital banking information. You may need to contact your service provider, the aggregator, and/or your bank depending on the nature of the inaccuracy.

Always review your statements for unauthorized transactions

You should always keep an eye on your bank accounts and credit card statements to make sure there are no unauthorized transactions or other errors. If you’re sharing credentials or access to your accounts, that’s even more of a reason to stay aware. If you see a transaction on your account you don’t recognize, report it to your financial institution right away.

Turn off apps and services when you stop using them

It’s easy to stop using a service when it’s no longer useful, or even in some cases to forget you were using it at all! But when it comes to accessing your data, it’s important to keep track of which services you use. If you decide to stop using a service, you should cancel the authorization you gave to access your account, and when applicable, tell the service to delete the data they’ve collected on you. This is the best way to protect your data and avoid unauthorized transactions.

Remember, just deleting an app from your phone doesn’t stop your data from being shared. Changing your passwords frequently is a good security practice, but even changing your bank password may not always mean that a service loses access to your accounts. Some banks may offer tools that let you monitor which services are accessing your data. These tools may also help you switch them off when you want them to stop accessing your information.

If you receive notice of a data breach, take action

If you receive a notification from any company you do business with that it has suffered a data breach, go directly to the company’s website and change your password. If you gave a company the credentials associated with one or more of your financial accounts in order to share your data, and that company—or its aggregator—later reports a data breach, you should also change the password for those financial accounts as well. You should also contact your bank to see what other steps you may need to take to ensure your information stays as secure as possible.

Remember, if you see a transaction on your account you don’t recognize, report it to your financial institution right away.

In general, you should have a separate, strong password for each of your financial accounts to reduce the risk that a hacker will be able to get access to your accounts. The Federal Trade Commission has helpful tips on making your passwords more secure .

Having trouble with a financial product or service?

If you've already tried reaching out to the company and still have an issue, you can submit a complaint. Tell us about your issue—we'll forward it to the company and work to get you a response, generally within 15 days.

Join the conversation. Follow CFPB on Twitter and Facebook .