Don't Get Burned by Your Bank's Terms of Service

Be careful about giving out your online banking credentials to third parties. It could leave you liable for any losses.

TLDR: Be careful about giving out your online banking credentials to third parties. It could leave you liable for any losses.

A while ago, I opened a new trading account and used a new onboarding system to transfer money. This system was designed to speed up the process by asking me to enter my online banking credentials. The problems started when I asked my bank about this method of payment. To make a long story short, my bank's security team had not heard of this system and immediately suspected a scam.

The authentication system turned out to be legitimate, but it relies on a flawed method: asking for a user's online banking credentials. Later, I received a letter from my bank stating that they were not responsible for any money lost because I had given my online account credentials to a third party.

This experience led me to think about other services that require access to online accounts. Some popular apps, like Mint.com and Pocketbook, ask for your credentials to access transaction lists and account balances so they can help you track your spending. Similarly, some mortgage and home loan applications also require you to enter your online banking credentials to access your bank statements as part of the income and expenses verification process.

While these services may be convenient, they come with a significant risk. If a disputed transaction were to occur, your bank would likely not be liable to cover the cost since you've violated the terms of service by giving out your private login details. This is a very risky practice that can leave you financially exposed.

There is a fully secure way for a third party to access your data without you giving them your actual login credentials. This method, called Open Authentication (or OAuth), redirects you to your bank's website. You log in there and grant the third-party service access to your data without ever sharing your private information with them.

If a service doesn't offer a secure authentication method like OAuth and you have no other choice but to share your credentials, then you should change your password immediately after using the service.
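
The redirect flow described above, as a toy model (an added example, not code from the original post or from any bank): the third party only ever receives a one-time code and a scoped, revocable token, never the password. The names `Bank`, `BudgetApp`, `read_transactions` and `transfer_funds` are hypothetical, the credential is constructed sample data, and the model leaves out client registration, redirect URI checks, `state` and PKCE that a real OAuth deployment needs.

```python
import secrets

class Bank:
    """Toy bank: plays both OAuth authorization server and account API."""
    def __init__(self):
        self._passwords = {"alice": "constructed-password"}  # sample data
        self._codes = {}   # one-time authorization code -> (user, scope)
        self._tokens = {}  # access token -> (user, scope)

    def login_and_consent(self, user, password, scope):
        # Runs on the bank's own site; the third party never sees this call.
        if self._passwords.get(user) != password:
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, tuple(scope))
        return code  # handed to the app via the redirect back

    def exchange_code(self, code):
        user, scope = self._codes.pop(code)  # single use: replay -> KeyError
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, scope)
        return token

    def api(self, token, action):
        user, scope = self._tokens.get(token, (None, ()))
        if action not in scope:
            raise PermissionError(f"{action} not permitted for this token")
        return f"{action} ok for {user}"

    def revoke(self, token):
        self._tokens.pop(token, None)  # user withdraws consent at the bank


class BudgetApp:
    """Third-party service: holds only what the bank chose to hand it."""
    def __init__(self):
        self.received = []  # everything this app has ever been given

    def handle_redirect(self, bank, code):
        self.token = bank.exchange_code(code)
        self.received += [code, self.token]

    def fetch_transactions(self, bank):
        return bank.api(self.token, "read_transactions")


if __name__ == "__main__":
    bank, app = Bank(), BudgetApp()
    app.handle_redirect(bank, bank.login_and_consent(
        "alice", "constructed-password", ["read_transactions"]))
    print(app.fetch_transactions(bank))   # read access works
    bank.revoke(app.token)                # no password change needed
```

With a shared password the only way to cut off the third party is to change the password; here the bank can reject one token while the account credentials stay untouched.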