As you operate more applications, the risk of your information being compromised increases.
However, you can take precautions to protect yourself.
More and more consumers are using personal finance apps to manage their money, relying on them to pay, borrow, save, invest and shop.
While these tools can make life easier, the question arises as to whether it is risky to give multiple apps access to your financial information.
Security experts suggest that it depends.
The more apps you use, the greater the risk of hacks and data breaches.
However, you can take steps to protect yourself.
New online-only banks, along with digital apps for peer-to-peer payments, personal loans, savings and budgeting, are gaining popularity because they are convenient and, in some cases, fun to use.
At the same time, traditional banks and brokerages are adding options in their apps to help customers better manage their checking, savings, credit card, mortgage and investment accounts.
Although finance apps are not particularly vulnerable to hacking, any app can be hacked or breached, which could expose users’ financial data or funds.
In addition, if you are tricked into revealing your login credentials, criminals could access your funds just as easily as you could.
There are also concerns about the privacy of your personal data.
Some apps may sell or share some of your information with third parties, creating another point of vulnerability.
“Even if the original app has strong security measures, it can’t fully control the data security practices of its partners,” explains Delicia Hand, senior director of digital marketplace at Consumer Reports.
“If a third party suffers a data breach, users’ sensitive information could be exposed, putting them at risk for identity theft, financial fraud or targeted scams.”
Here’s a closer look at some precautions you can take to use finance apps more securely.
Review and verify
First, verify that the app you want to use comes from a reputable company with established security and privacy policies, and check for complaints about it in online forums, advises Meredith Fuchs, director of the legal team at financial technology firm Plaid and former deputy director of the Consumer Financial Protection Bureau.
Then, download the app directly from the App Store or Play Store to make sure you’re getting the authentic app and not a knockoff.
Don’t download an app from a link or website unless it’s the official website of the company behind it, says Stuart Schechter, a security and human behavior researcher at Harvard University.
Review the app’s privacy policy to understand how customer data is collected and handled.
Although data sales have declined, according to Hand, some apps still share user data, such as names, emails and phone numbers, or financial data such as transaction history or account balances, with partners such as service providers, affiliated companies and marketing partners.
Look for policies where the company only accesses the data it actually needs to provide the service, rather than collecting as much as possible.
“The less data the company collects about you, the less damage there will be if that data is stolen,” says Brian Callahan, director of the Rensselaer Cybersecurity Collaboratory at Rensselaer Polytechnic Institute.
Review how the app handles unauthorized charges or transactions, if necessary.
Hand notes that some apps may have stronger protections than others, or more streamlined dispute and resolution processes.
Passwords and keys
When setting up an application, use a strong password or password manager, and enable two-factor authentication to verify your identity when logging into the application.
For added security, some apps allow users to upload a current photo or video to verify their identity.
Some also allow the use of a passcode, special software linked to your phone or other device, or a physical security key that connects to your phone or other device to verify your identity.
The latter option provides very strong security, provided you don’t lose it, although it may not be necessary for all users.
Outside of apps, be sure to keep your devices and email accounts secure.
For example, you might want to enable facial recognition – such as Face ID on Apple devices – so that access codes sent by a bank or app are secure.
Similarly, it’s critical to use strong passwords and enable two-factor authentication on email accounts used to access financial accounts, experts say.
Gavin Reid, chief information security officer at cybersecurity company Human Security, uses two email accounts: one for everyday use and one only for financial accounts, plus a physical security key.
He also recommends deleting any applications you’re not using to reduce risk.
“The most important thing you can do is make sure private things stay private,” says Jess Turner, executive vice president and global head of open banking and APIs at Mastercard.
“So don’t share credential information, passwords or usernames, and rely on technologies like biometrics.”
Limit links
Connecting finance apps to your bank and other financial institution accounts is often necessary to make payments, take out loans or manage expenses and investments.
Many apps and banks use intermediary services such as Plaid, Mastercard, MX Technologies or others to do this.
For example, when you connect a bank account to a payment app, Plaid may open a window to ask for your approval to link the accounts and describe what data will be shared before making the connection.
These intermediary services have many security measures in place.
However, connecting apps can present risks by increasing the potential exposure of your financial data through the intermediary or other apps involved, explains Reid, chief information security officer at Human Security.
“You should limit that kind of sharing as much as possible to reduce your risk footprint,” he adds.
“It’s critical to understand who has your data and what they can do with it.”
Of course, when multiple apps share information with each other, as well as with third-party partners, it can be difficult to track and control how your personal data is being used.
To help with this, Consumer Reports has developed a free app called Permission Slip, which shows consumers what types of data companies collect about them.
The app can also send requests on behalf of consumers to ask companies to stop selling their personal data or delete it altogether.
You could also get help in this area from regulators.
The Consumer Financial Protection Bureau is expected to issue final rules this year under Section 1033 of Dodd-Frank, which would unify how data is shared among financial institutions and give individuals the right to revoke access to their data or demand that it be deleted, as well as prohibit the misuse of data for targeted advertising.