The Wall Street Journal reported last week that JPMorgan Chief Executive Jamie Dimon discussed with Consumer Financial Protection Bureau chief Richard Cordray the security risks posed by aggregators.Ĭhase and the CFPB declined comment. Who would be liable, though, is an unsettled question of great concern to banks. “You are still outside the provision about giving someone an access device because you didn’t give the hacker permission,” Saunders said. “You don’t need to be a lawyer to understand that you are not a consumer who ‘grants authority to make transfers.’”Įven when people use a bill-pay app that does move money, they are granting access to the app - not to hackers who steal their credentials.
“When you give Mint your bank password, you don’t give them permission to make transfers,” Saunders said. That is the passage that Chase and other banks point to when warning people they may be liable if they share credentials with a third party.īut Lauren Saunders, associate director and managing attorney of the National Consumer Law Center, calls the banks’ position “ridiculous.” Sites such as Mint collect data about transactions but typically are not authorized to make transactions, said Saunders. Customers are fully liable for the transfers until they notify the financial institution that the person is no longer authorized to use the account. The rules say that customers’ negligence - such as writing a PIN on a debit card - does not increase their liability.Ī customer would be on the hook for unauthorized transactions if she gives her card or credentials “and grants authority to make transfers to a person (such as a family member or co-worker) who exceeds the authority given,” the rules say. The banks’ warnings, however, are off base.įederal banking rules known as Regulation E ( here) sharply limit customers' liability for unauthorized electronic transactions from their accounts, provided they report the fraud promptly.
“They don’t have the opportunity to cross-sell me.” “Mint makes it so I don’t have to go to the individual bank sites,” said Ranta. However, the same warnings infuriated heavy Mint user Mark Ranta, head of digital payments at ACI Worldwide Inc, who says the banks are far more worried about competition from these aggregation sites than about electronic safety. You don’t want to make it easier,” Armstrong said. The warnings were enough to cause Morris Armstrong, a registered investment adviser and enrolled agent in Danbury, Connecticut, to recently close his account with, a so-called aggregator website and a division of Intuit Inc. JPMorgan Chase & Co and Capital One Financial Corp, for example, warn on their websites that customers could be liable for any fraud in their accounts - even though federal regulations say otherwise.Ĭapital One's site ( here) tells users: "If you choose to share account access information with a third-party, Capital One is not liable for any resulting damages or losses."Ĭhase ( here) admonishes, "If you give out your user ID and password, you are putting your money at risk." LOS ANGELES (Reuters) - Millions of people share their bank account passwords with third-party sites and apps that help them track their spending, but some of the biggest financial institutions, wary of hacking risks, are trying to scare people into not using them.
0 kommentar(er)
