Your Security and Fintech Apps
Third-party (non-TD) financial technology (fintech) apps and data aggregators often store and access your digital bank account username, password and account information to provide services that may help you manage your money, invest, borrow and send money. Find out how these apps use your data and what you can do to help protect yourself.
Get informed: fintechs and data aggregators
We know how much you value safety, security and transparency when it comes to the use of your data. That’s why we want you to understand how the financial products and services offered by fintechs and data aggregators work, what they do with your data and how you can protect yourself. We believe in supporting customer choice, but we also want you to have the right information to make an informed decision.
- What you need to know
- How to protect yourself
How fintech apps access your info
First, they get your login credentials
Many fintech apps use data from a financial institution, like TD, where you have accounts. As part of the app sign-up process, fintechs—or the data aggregators they use to collect your information—may present a login screen for you to enter your banking credentials. While many of these app login screens may look like your banking login screen, it's important to know that's often not the case.
Next, they store your login credentials
Once you give them your credentials, fintech apps and data aggregators may store them on their servers. This means that the safety of your bank credentials is now reliant on their security systems.
Then, they have access to your information
When the fintech app or data aggregator wants your banking information, they may use your credentials to access and retrieve (screen-scrape) your account information. Certain information TD has about you—including balances, account numbers, profile information and account statements—could be retrieved by the fintech app provider.
Your responsibility when using fintech apps
Understand your responsibilities—as well as the risks—before sharing your sensitive and confidential financial information with third parties.
When using a fintech app, you may be providing your confidential TD username and password directly to third parties over whom TD has no control. Please be aware that the sharing of your TD credentials is contrary to the terms of our agreements, and TD will not be responsible for any harm that results from the sharing of your credentials.
Info to look for when you're signing up
- Familiarize yourself with how collected data will be stored and for how long before consenting
- Understand how you can revoke consent
- Learn how your data will be used and if your data is being sold to, or shared, with additional parties
To verify you are logging in with TD when using a third-party app, check the site's URL located in the address/location bar of your browser and confirm it starts with https://authentication.td.com or https://onlinebanking.tdbank.com. If it doesn't, then you may be interacting with a third party, not TD.
If you provide a fintech with your online banking credentials, it will have access to all of your online banking information. Many aggregators use a robot or other automated process—also known as screen-scraping—to log in as you and collect your financial and personal information. You should check the terms and conditions of the app carefully to determine how they intend to use the data.
When using a fintech service, you may be choosing to have one or more third parties maintain, use and store your sensitive information, which may include your account numbers, usernames, passwords and other information. If your sensitive information is not properly protected, fraudsters could easily gain access to it and use it to commit fraud against you. This could include accessing your online accounts and moving your money. While aggregating your personal information in a single location may offer potential benefits such as a clearer picture of your overall finances, it also increases fraud and security risk.
Yes. When you share your username and password with these fintech apps, you are giving them the digital keys to your account; they will be able to see everything you can see when you log in to your online account, which may include your name, address, phone number, account numbers, transactions and other information. When you share your information with fintech apps, TD will no longer be able to maintain its privacy and security. We also will not be able to control the purposes for which it is used or with whom it will be shared. Therefore, TD will not be responsible for any harm that results from your use of their services.
TD is committed to helping protect customers. We are working to enable a more secure way for customers to provide access to their financial data with clear, transparent and revocable consent.
The easiest way to revoke consent is by logging in to your fintech service and going to their settings/manage connections (or similar) menu bar option. If this is not easy to find, contact your fintech service directly. You should also then change your bank username and password.
† By clicking on this link you are leaving The Toronto-Dominion Bank's ("TD Bank") website and entering a third-party website over which TD Bank has no control.
Neither TD Bank, nor its subsidiaries or affiliates, are responsible for the content of third-party sites hyper-linked from this page, nor do they guarantee or endorse the information, recommendations, products or services offered on third-party sites.
Third-party sites may have different privacy and security policies than TD Bank. You should review the privacy and security policies of any third-party website before you provide personal or confidential information.