You are now leaving our website and entering a third-party website over which we have no control.
Your Security and Fintech Apps
Third-party (non-TD) financial technology (fintech) apps and data aggregators often store and access your digital bank account username, password and account information to provide services that may help you manage your money, invest, borrow and send money. Find out how these apps use your data and what you can do to help protect yourself.
Get informed: fintechs and data aggregators
We know how much you value safety, security and transparency when it comes to the use of your data. That’s why we want you to understand how the financial products and services offered by fintechs and data aggregators work, what they do with your data and how you can protect yourself. We believe in supporting customer choice, but we also want you to have the right information to make an informed decision.
-
What you need to know
-
How to protect yourself
-
FAQs
How fintech apps access your info
To verify you are logging in with TD when using a third-party app, check the site's URL located in the address/location bar of your browser and confirm it starts with https://authentication.td.com or https://onlinebanking.tdbank.com. If it doesn't, then you may be interacting with a third party, not TD.
If you provide a fintech with your online banking credentials, it will have access to all of your online banking information. Many aggregators use a robot or other automated process—also known as screen-scraping—to log in as you and collect your financial and personal information. You should check the terms and conditions of the app carefully to determine how they intend to use the data.
When using a fintech service, you may be choosing to have one or more third parties maintain, use and store your sensitive information, which may include your account numbers, usernames, passwords and other information. If your sensitive information is not properly protected, fraudsters could easily gain access to it and use it to commit fraud against you. This could include accessing your online accounts and moving your money. While aggregating your personal information in a single location may offer potential benefits such as a clearer picture of your overall finances, it also increases fraud and security risk.
Yes. When you share your username and password with these fintech apps, you are giving them the digital keys to your account; they will be able to see everything you can see when you log in to your online account, which may include your name, address, phone number, account numbers, transactions and other information. When you share your information with fintech apps, TD will no longer be able to maintain its privacy and security. We also will not be able to control the purposes for which it is used or with whom it will be shared. Therefore, TD will not be responsible for any harm that results from your use of their services.
TD is committed to helping protect customers. We are working to enable a more secure way for customers to provide access to their financial data with clear, transparent and revocable consent. Learn more about TD’s data access agreement with Finicity that lays the groundwork for these efforts
The easiest way to revoke consent is by logging in to your fintech service and going to their settings/manage connections (or similar) menu bar option. If this is not easy to find, contact your fintech service directly. You should also then change your bank username and password.