Do you know who has access to your banking data, and how they may be using it? Have you ever been asked to enter your banking login information into a financial service (also known as “fintech”) app? This is an example of screen scraping, a practice that could potentially cause you to be liable for losses if your bank account is hacked.
What is screen scraping?
Screen scraping takes place when a third party, such as a finance or budgeting app, asks you to provide your online banking username and password, allowing them access to your financial data. With your banking logins, the third party can access your bank account – as if they were you. Often, the third party will transfer your data to an external database that supports their products and services. You no longer have control over your banking data once it is shared through screen scraping.
Screen scraping means financial services apps may have access to your:
What are the risks?
If you provide your banking login information to another individual or application, you may be violating the terms of your banking agreement. Depending on the terms of the agreement, you may be liable for losses if your account is hacked or compromised. Carefully weigh the potential risks of sharing this information before you provide it.
How do I protect myself?
Before entering your details into a financial services app, ensure you understand how your personal and financial data may be used. Ask your financial institution if you are unsure whether you should share your banking credentials.
While financial services apps can offer helpful tools, make sure you understand the potential consequences of sharing your information. You may be vulnerable to data breaches, fraud, and more.
Users should regularly review their banking history for unauthorized or suspicious activity and check their banking agreement to find out about their fraud protections.
The Payday Loans Act prohibits payday lenders in Saskatchewan from using screen scraping. Most payday lenders will require you to sign a pre-authorized debit (PAD) form, which is permitted. However, they can’t use your banking information for any purpose other than the loan repayment.
For more information, visit the FCAA Advisory on Screen Scraping.