More scare tactics by the big banks, consumers are slowly waking up…
The days of big banking are slowly dying; read more from this
Reuters report:
Millions of people share their bank account passwords with
third-party sites and apps that help them track their spending, but some
of the biggest financial institutions, wary of hacking risks, are
trying to scare people into not using them.
JPMorgan Chase & Co and Capital One Financial Corp, for example,
warn on their websites that customers could be liable for any fraud in
their accounts – even though federal regulations say otherwise.
Capital One’s site (here) tells users: “If you choose to share account
access information with a third-party, Capital One is not liable for any
resulting damages or losses.”
Chase (here) admonishes, “If you give out your chase.com user ID and password, you are putting your money at risk.”
The warnings were enough to cause Morris Armstrong, a registered
investment adviser and enrolled agent in Danbury, Connecticut, to
recently close his account with Mint.com, a so-called aggregator website
and a division of Intuit Inc.
“People are hacking left and right. You don’t want to make it easier,” Armstrong said.
However, the same warnings infuriated heavy Mint user Mark Ranta,
head of digital payments at ACI Worldwide Inc, who says the banks are
far more worried about competition from these aggregation sites than
about electronic safety.
“Mint makes it so I don’t have to go to the individual bank sites,”
said Ranta. “They [banks] don’t have the opportunity to cross-sell me.”
The banks’ warnings, however, are off base.
Federal banking rules known as Regulation E (here) sharply limit
customers’ liability for unauthorized electronic transactions from their
accounts, provided they report the fraud promptly.
The rules say that customers’ negligence – such as writing a PIN on a debit card – does not increase their liability.
A customer would be on the hook for unauthorized transactions if she
gives her card or credentials “and grants authority to make transfers to
a person (such as a family member or co-worker) who exceeds the
authority given,” the rules say. Customers are fully liable for the
transfers until they notify the financial institution that the person is
no longer authorized to use the account.
That is the passage that Chase and other banks point to when warning
people they may be liable if they share credentials with a third party.
But Lauren Saunders, associate director and managing attorney of the
National Consumer Law Center, calls the banks’ position “ridiculous.”
Sites such as Mint collect data about transactions but typically are not
authorized to make transactions, said Saunders.
“When you give Mint your bank password, you don’t give them
permission to make transfers,” Saunders said. “You don’t need to be a
lawyer to understand that you are not a consumer who ‘grants authority
to make transfers.’”
Even when people use a bill-pay app that does move money, they are
granting access to the app – not to hackers who steal their credentials.
“You are still outside the provision about giving someone an access
device because you didn’t give the hacker permission,” Saunders said.
Who would be liable, though, is an unsettled question of great
concern to banks. The Wall Street Journal reported last week that
JPMorgan Chief Executive Jamie Dimon discussed with Consumer Financial
Protection Bureau chief Richard Cordray the security risks posed by
aggregators.
Chase and the CFPB declined comment. Intuit declined comment on the
banks’ warnings, saying in a prepared statement: “Delivering secure and
seamless connectivity is a shared priority across Mint and thousands of
our financial institution partners.”
It is worth pointing out that Mint has never had to announce a
security breach – unlike Chase, which last year reported a cyber attack
had compromised 83 million of its accounts.
Making people reluctant to use account aggregators could just make
them more vulnerable to fraud. Mint and other account aggregators can
help people spot unauthorized transactions that might otherwise go
unnoticed, said independent journalist and technology expert Bob
Sullivan, author of “Stop Getting Ripped Off.”
Rather than scaring people, the financial sites and banks should work
together to create a common secure standard for sharing information –
one that might involve app-specific passwords, Sullivan said.