Budgeting and Money Tracking Apps: Are They Safe?

Popular finance tracking apps and web services use your aggregated financial information to provide tools that help you budget and manage your expenses. But to use these services, you'll need to provide your login credentials (like your BECU account User ID and Password ) for any accounts you want to link. Sharing this sensitive account information could compromise your security. If the third-party service provider is breached, your account login credentials and recent account history data may be stolen, making you a target for fraud. Learn more about account takeover fraud.

Putting member security first

Your account security is important to us, and we are committed to protecting your personal data. We encourage you to carefully consider the risks when deciding whether or not to pair your account(s) with these services. To help you learn how to avoid online security threats, BECU offers free cybersecurity courses in partnership with KnowBe4.

Money Manager is secure and convenient 

BECU's Money Manager tool in Online Banking makes it easy to securely manage all your accounts – including those at other financial institutions – in one place. View your entire financial portfolio to track your spending and identify trends, create a budget online, set timely alerts, track your net worth, and more. Visit our Money Manager: Finances Made Easy page for more details.

Authorizing trusted app services 

All financial institutions weigh the benefits of these services against the unintended security risks associated with sourcing consumer data. BECU authorizes the IP addresses of third-party financial service providers that are widely considered to be trusted and mostly safe (like Mint, Plaid, Quicken, Credit Karma and others). If a third-party app or web service has not been authorized, you won't be able to link your BECU account. This is because smaller service providers may not have established relationships with financial institutions, and they may not be capable of adequately securing your sensitive information. 

If you decide to pair your account(s) with an app or web service that uses your financial information, we recommend that you research first to be sure it's a source that's widely considered to be trustworthy and secure.

Digital habits that protect you

If you decide to provide your account login credentials to an authorized third-party app, make sure your digital habits set you up for ongoing security. Here are some practices that can help ensure data privacy:

• Protect your devices with passwords. Keep your passwords stored and encrypted in a secure password manager app. 
• Avoid using public Wi-Fi networks. If you're going to use free Wi-Fi instead of your mobile data, use a trusted VPN service.
• Enable antivirus protection on your devices.
• Review the app's privacy statement – specifically where it mentions sharing or selling personal data to other third parties to use for targeted ads.
• Look at the app owner. Are they trusted and capable of securing your data?
• Verify the app's encryption standards and two-factor authentication for added security.

Keeping accounts in sync

We sometimes hear from members that their accounts don't stay paired with an app service they've linked to previously. Our goal is to minimize inconvenience while safeguarding your accounts. Although BECU may have previously authorized a third-party service we deemed to be trustworthy, the provider could change their IP address at some point without notifying us. If BECU doesn't recognize the source (IP address) as authorized, we may block the attempt to access your account. 

If you've successfully linked your account to a trusted service in the past, and it's not working now, you may need to reconnect to the service by logging in to your account through their app or website.

Triggered security notifications

Members also report being confused by text messages and emails alerting them about an attempt to log in to their account(s). You may receive a notification if a third-party service you've successfully linked your account to in the past is unable to access your account(s). If the provider does notify you that they couldn't perform their service, the message may not provide clear information about the issue they encountered. Unfortunately, we can't be sure how these services will contact you in this situation.

BECU's security monitoring could also trigger a similar alert if a third-party service is unable to access your account(s). Adding to the confusion, these types of alerts can be spoofed to impersonate BECU as part of a smishing scam. Your account login credentials can be stolen if you click a message link and log in to what looks like BECU's Online Banking screen. Because it can be difficult to determine if a message is authentic, we strongly recommend that you don't click links in text messages or emails, even if they appear to come from BECU. Learn more about fraud alert phishing scams. 

If you're concerned about the authenticity or purpose of a notification you've received, we recommend you call us at 800-233-2328 or send a secure message using Messenger in Online Banking or the mobile app. You can report social engineering attempts that you've received to our security team at phishing@becu.org. This no-reply email mailbox is only used for ongoing monitoring and identifying trends. Please do not send confidential information via email. If you've responded to a communication that you think may have been a scam, it's important that you call us, send us a secure message, or visit a BECU location.