If you’ve downloaded a budgeting app (Mint, for example), and it asks you to fill out a detailed personal profile, be sure to share only the required information. The more information you input, such as your date of birth, home address, Social Security number, etc., the more that information is at risk should the app be hacked or if there’s an information leak.
Additionally, some organizations will sell your data — that intention is often hidden in the fine print of their websites. The less information about yourself you put out on the web, the less likely sensitive details will end up in the hands of a data broker that may sell your data. If you don’t pay to use the app or service, it’s likely that your information is being sold, so make sure to do your due diligence before signing on the dotted line.
Before you sign up for an app or brokerage account, you should review the provider’s website, paying close attention to its security. Given mounting concerns about vulnerabilities, a reputable company will list out its security features online and how it deals with fraud and identify theft. If it doesn’t, it might be a sign it isn’t taking these issues seriously.
For example, a bank I use explains on its website how it uses multifactor authentication to secure client accounts and TLS encryption to secure data when you connect to its app. It also has a guarantee for online and mobile security to protect its customers. These types of guarantees have important nuances to understand, but ultimately, they do provide some piece of mind.
Many financial institutions will cover losses if funds are lost and they are clearly at fault, but if you as a user shared your password or engaged in other behavior that goes against best cyberpractices, you may not be covered.
Robust fintech platforms will have certain features in place. These include antivirus and malware scanning for their networks, multifactor authentication and data encryption, to name some of the most important. There is no guarantee that a company won’t be hacked. But if it’s prudent with its processes and procedures and trains its employees to recognize social engineering attacks, you should have confidence that you’re working with a trustworthy platform.
If your fintech app wants to aggregate your financial accounts into one place, you’ll want to take care in understanding how your accounts are linked. Most preferable are apps that use APIs (application programing interfaces) to connect to other websites — as opposed to storing your username and password directly. API programming is a more modern, secure way of granting access from one app to another.
For example, if you’re linking your Capital One credit account to Mint so it can analyze your spending patterns, the API allows a connection between the two systems and deauthorizes the connection from your Capital One at any time without having to change your account password. Sites like Capital One will let you see every third-party system they’re sharing your account data with.
You’ll want to audit these links from time to time —and you can easily shut off the data feed should you stop using a certain fintech app in the future. This prevents your personal data from being shared permanently with another company long after you want it to — like your credit card transactions being sent to another place without your knowledge.
If you like to try out the newest apps but may stop using them if they don’t make the cut, checking your data feed is key.
Also, keep in mind that sharing a password with another person may void a financial institution’s online security guarantees. If you’re caught sharing a password, you may be liable for any money that is taken out of your account without your permission.
You’ll also want to be mindful about reusing passwords and making sure they are strong. Use a password generator to generate new passwords for each app and update them regularly.
If you’re choosing a new fintech brokerage or bank account, make sure that your assets are covered by industry-specific safeguards like FDIC insurance or SIPC investor protections. These will help protect invested assets — to a degree. SIPC and FDIC coverage helps protect investor assets up to certain limits if a broker or member fails for whatever reason.
The FDIC normally insures the first $250,000 a depositor puts into a bank account. In theory, if the bank fails, $250,000 of cash would be protected, but anything in excess of that would be lost. The recent failure of Silicon Valley Bank is proof of how imperative it is to ensure your money is FDIC-protected.
SIPC coverage provides similar protection for securities held at a brokerage firm if, for example, a firm like Robinhood were to fail. We have seen recently how dramatically tech companies are cutting jobs and reorienting their businesses. A fintech might have looked like a unicorn a year ago but could have seen its revenue or startup funding dry up in 2023.
Investing in cryptocurrencies can be riskier because similar protections do not exist for crypto assets.
If you’re considering investing money with a newer fintech, and you’re not sure how stable they are, a conservative approach would be to keep the level of assets at or below the relevant FDIC or SIPC coverage limits.
Educate yourself about the protections a fintech company provides.
Fintech is designed to make life easier for investors. When implemented correctly, these technologies can provide some great features, insights and efficiencies. Just be sure to spend a few minutes researching the company you’re entrusting your finances with to understand the benefits and/or risks that come with their services.
If it offers sufficient protections, you’ll gain a degree of comfort. If it doesn’t, keep looking — there are definitely companies out there that will take your security seriously.
--
This article was written by and presents the views of our contributing adviser, not the Kiplinger editorial staff. You can check adviser records with the SEC or with FINRA.