[A quick update on where the bidding stands in the Bloggers for Charity auction. The top bid now is $400 by Dr. Dale Rathgeber. If you’d like to make a bid, you may want to hurry. Bidding will close on December 16, 2011.]
A recent discussion on Canadian Money Forum over the advantages of using a financial aggregation service such as mint.com to track expenses reminded me of this earlier warning from the Financial Consumer Agency of Canada (FCAC) about the possible risks involved in disclosing online banking and credit card information to third parties:
Consumers should be aware that if they disclose their online banking information to any other party, including financial aggregators, they may risk losing their protection against unauthorized transactions. Some financial institutions’ user agreements clearly state that users will be responsible for unauthorized transactions if they provide other parties, including financial aggregators, with their passwords and account information.
I looked up the terms and conditions of TD Canada Trust and RBC to check if disclosing id and password to aggregation services will completely void security guarantees against unauthorized transactions. TD Canada Trust’s online guarantee states: “TD Bank Group is not responsible for unauthorized access to accounts online or losses that occur as a result of you voluntarily disclosing your Access Card number, Connect ID, MyInsurance username and passwords, or the careless or improper handling, storing or disclosure by you of this information”. If I am reading this right, it means that a banking client will only be responsible if an unauthorized transaction were to occur as a result of disclosing ID and password to, say, mint.com but other unauthorized transactions would be covered by the guarantee.
The terms and conditions of RBC’s online access are very explicit regarding aggregation services (perhaps because RBC itself offers one called myFinanceTracker). RBC says that a client may choose to share her password with an aggregator but RBC will not be responsible for any losses that may result from the client sharing the password.
It seems to me that the online access terms of TD Canada Trust and RBC are not as draconian as I had assumed (i.e. disclosing passwords will invalidate security guarantees against *all* unauthorized transactions). Nevertheless, Canadians interested in signing up for Mint.com or similar aggregators should first check their online access terms and conditions to make sure they will not be losing protection against unauthorized transactions.