Are budgeting apps safe to use?

August 06, 2019

By Maggie Tomasek

Are budgeting apps safe to use?

woman using budgeting app

Budgeting apps have made it easier for people to track their spending and monitor their finances across multiple accounts at a glance. These apps are also known as financial aggregators because, put simply, they aggregate or combine financial statements, bills, bank accounts and credit cards all in one place. The service may also include financial and tax planning, portfolio analysis, credit monitoring and more.

Because these apps require users to provide sensitive information, they also come with a certain amount of risk. Are budgeting apps safe? Here’s what you need to know about the risks of using financial aggregators and how you can better protect yourself and your information when using them.

Budgeting app risks

As Krebs on Security recently wrote, fraudsters are increasingly abusing third-party financial aggregation services to target consumer accounts online.

Many budgeting apps, which are also sometimes referred to as personal finance management (PFM) tools, were developed by financial institutions and employ similar approaches to security as their online or mobile banking platforms. However, some apps don’t have the same security pedigree. For example, they might not have end-to-end encryption or they might display full account numbers, which increases the security risk of the financial aggregator.  Most importantly, because they aren’t financial institutions, they’re not under the same regulatory requirements and scrutiny.

By giving budgeting apps access to your personal and financial information, you also could be susceptible to fraud in the event of a third-party data breach or a fraudster accessing your financial account usernames and/or passwords in the app. The more places you store and share your sensitive information, the more at risk you are for these types of fraud because, as we know, data breaches can happen to retailers, credit bureaus and other institutions

An especially concerning form of this type of information sharing is “screen scraping,” where the user gives their financial account username and password to the aggregator in order to log in as the consumer and extract recent transaction information. The aggregator stores these credentials so the user doesn’t have to log into each individual account every time they log into the app. But, the financial aggregator could store those credentials – and continue pulling in that information – even after you delete the app. 

Screen scraping can also interrupt service with your financial institutions. Financial aggregators often look like bots to a bank’s security systems, which could detect the aggregator’s login activity and mistake it for unauthorized login attempts.

Also, because all of your information is in one place, financial aggregator use could increase your risk for identity theft, according to the Financial Industry Regulator Authority (FINRA).

How to protect your information

Change your usernames and passwords

Fraudsters compile usernames and passwords found on other sites and use computer programs to try various combinations to get into consumers’ financial accounts. (With hacker databases containing nearly 8 billion usernames and passwords, there’s a good chance some of your credentials are already in one of those databases.)

Fraudsters know that most people re-use their usernames and passwords over and over, so they’re trying to put the puzzle pieces together. If they have your known usernames and/or passwords from a different site, they’ll keep stringing them together to try to get into your financial accounts.

Changing only your password isn’t enough. You also need to create unique usernames on your financial accounts and any financial aggregators you use to protect your money and information. Think of your username as a second password and make it complicated for others to figure out. Avoid using the same emails, usernames and/or passwords across multiple sites (including social media sites).

Research budgeting apps

Before you begin using a budgeting app, read the fine print, including the financial aggregator’s terms and conditions, and privacy and security measures. Do they share your credentials or data with any other providers or vendors? Exactly what data are they collecting?

Look for apps that are designed to be read-only, such as Mint or PocketGuard. This means you can’t move money between your accounts using the app, so neither can fraudsters. Do your research on their security history – i.e. have they had any data breaches or lawsuits? – and find out whether the app displays full account numbers.

If you’re using more than one financial aggregator, ask yourself if you really need them all. Disconnect and delete any budgeting apps you’re not using. Know that deleting the app might not be enough; you’ll want to follow all necessary steps to cancel your account and stop the aggregator from accessing your information.

Watch your accounts

Regularly monitor your credit report. You can also set automated alerts, like transaction or purchase alerts, to keep a close eye on your accounts and better protect yourself from fraud. If you see unusual activity, you can report it right away to help minimize any losses or damage to your financial reputation.

Maggie Tomasek is the PR & Content Strategist at Alliant. She began her career as a journalist for newspapers in Utica, N.Y., Des Moines and Cincinnati before moving to Chicago in 2009. Maggie is an eight-time Chicago Marathon finisher and a lifelong creative writer with a passion for comedy. Her mom instilled in her a great sense of fiscal responsibility, and her big sister told her to throw that responsibility out the window every once in a while in the name of life experience. So far, that combination of financial advice has worked out pretty well for her.

Sign up for our newsletter

Get even more personal finance info, tips and tricks delivered right to your inbox each month.