How to improve security when using third-party money management apps and websites

Sharing your login information can be risky. You deserve to know as much as possible about how third-party services work before deciding if they are right for you.

What are data aggregators?

Data Aggregators are firms that aggregate consumer financial data at the direction of customers for a variety of purposes including traditional financial aggregation which provides customers a consolidated view of their accounts held at various financial institutions. Customers provide their online credentials directly to data aggregators who use and store this information to obtain financial account and transaction data.

What are we doing to help you?

We are working with many third-party providers to implement a more secure way they can access accounts without requiring our clients who use these services to share login information. As these more secure features launch you may be prompted to provide consent and reauthenticate in MyMerrill.

What do I need to know about sharing my account information with third parties?

We value customer choice and want you to securely access your information when and where you want. Sharing your account information with third party apps and websites can potentially expose you to privacy and security risks, and should be carefully considered.

Any data shared with a third party will be governed by the third party's privacy and data retention policies. We recommend reviewing those policies before sharing your data to understand how the third party will use and store your account information. For example, look for whether they sell any of your information, and what happens to your data if you leave the service or it goes out of business.

Is it safe to share my login information with third-parties

When you share your login information with a third-party, they have the same access to your information as you do. This means you usually can not choose how much information they can access. Furthermore, they store your login information, which could be compromised if they have a security breach. Even if you are not actively using the third-party service or you stop using it, they could still continue to access your information.

Other things you can do to help protect your information

• Set up a security alert reminding you to change your passcode regularly.
• Use two-factor authentication wherever offered.
• Keep your contact information up to date to ensure we can get in touch with you quickly if we detect unusual account activity.