Your Security and Fintech Apps

Third-party (non-TD) financial technology (fintech) apps and data aggregators often store and access your digital bank account username, password and account information to provide services that may help you manage your money, invest, borrow and send money. Find out how these apps use your data and what you can do to help protect yourself.

Get informed: fintechs and data aggregators

We know how much you value safety, security and transparency when it comes to the use of your data. That’s why we want you to understand how the financial products and services offered by fintechs and data aggregators work, what they do with your data and how you can protect yourself. We believe in supporting customer choice, but we also want you to have the right information to make an informed decision.

How fintech apps access your info

First, they get your login credentials

Many fintech apps use data from a financial institution, like TD, where you have accounts. As part of the app sign-up process, fintechs—or the data aggregators they use to collect your information—may present a login screen for you to enter your banking credentials. While many of these app login screens may look like your banking login screen, it's important to know that's often not the case.

Learn how to verify if a login screen is supported by TD

Next, they store your login credentials

Once you give them your credentials, fintech apps and data aggregators may store them on their servers. This means that the safety of your bank credentials is now reliant on their security systems.

Then, they have access to your information

When the fintech app or data aggregator wants your banking information, they may use your credentials to access and retrieve (screen-scrape) your account information. Certain information TD has about you—including balances, account numbers, profile information and account statements—could be retrieved by the fintech app provider.

Learn more about screen-scraping

Your responsibility when using fintech apps

Understand your responsibilities—as well as the risks—before sharing your sensitive and confidential financial information with third parties.

When using a fintech app, you may be providing your confidential TD username and password directly to third parties over whom TD has no control. Please be aware that the sharing of your TD credentials is contrary to the terms of our agreements, and TD will not be responsible for any harm that results from the sharing of your credentials.

Questions to ask before using a fintech app

  • What type of data does the aggregator (or the company used by the data aggregator) collect when accessing my bank account?
  • What security practices are in place to protect my data?
  • Who is responsible for any security/data breaches or unauthorized charges that may occur, and will they be able to reimburse me for losses?

Info to look for when you're signing up

  • Familiarize yourself with how collected data will be stored and for how long before consenting
  • Understand how you can revoke consent
  • Learn how your data will be used and if your data is being sold to, or shared, with additional parties

How to monitor your fintech app

  • Monitor your accounts and transactions regularly for any suspicious activity that you did not initiate or authorize
  • Opt in to receive account and security alerts via text or e-mail on all your TD bank, investment and credit card accounts
  • If you stop using a fintech app or services, change your TD password and disallow the connection by logging in to the fintech provider and changing the connection settings before you delete the app

ExpandHow do I know if a login screen is supported by TD?

ExpandCan you tell me more about screen-scraping?

ExpandWhat are some of the risks of using data aggregation or fintech services?

ExpandDoes sharing my information with a fintech app impact my relationship with TD?

ExpandWhat is TD doing to help me?

ExpandHow can I revoke consent and disconnect from a fintech service?

Important Disclosures