1

Sites like PersonalCapital require you submit your account login details for every one of your banking account providers.

Could personal capital potentially log into your financial accounts and make changes? What if personal capital is hacked?

These sites don't really seem safe to me, since they ask for financial account passwords, and could do whatever they wanted with this data.

  • Do you use direct deposit for anything like work paychecks? They can withdraw too! It all depends on whether you trust them. – Neil McGuigan Mar 25 '16 at 21:22

2 Answers2

1

Who, besides the owner of the sites, says they are secure?

One big problem is that they must store your password in a recoverable manner. This is contrary to best practice. No matter what the site does, there must be some way to get the clear-text password. This is definitely a risk.

While IANAL, I know that banks' user agreements typically require you to keep your password secure and hold you liable for damages if, for example, you give your username and password to a third party. This is different from, say bank account numbers. Those are not intended to be secret and you are not liable if they are misused, provided you didn't actually partake in their misuse.

The sites are, of course, likely to be targets of attackers due to their high value.

Neil Smithline
  • 14,702
  • 4
  • 38
  • 55
1

Most of those services (like Personal Capital, Wealthfront, Betterment,...) are pulling data from banks through third-parties like Yodlee or Plaid (and Quovo, acquired by Plaid). According to these services' privacy policies, they don't store your bank's passwords, but the mentioned third-parties do.

bart
  • 111
  • 1
  • 2