PNC knows that a number of our customers choose to use financial apps that help them to make payments and to manage their finances and investments. We want our customers to be able to use these apps in a safe and secure manner, and we have implemented enhanced security controls specifically designed to help protect customers’ financial accounts and related information.
We also are taking steps to ensure our customers who link their PNC account to financial apps understand how the apps function, as well as the relationship between the financial technology firms, or fintechs, that create and own the apps and third parties.
Financial apps typically ask users to provide their secure banking log-in information and credentials (username and password) so the apps can link to users’ accounts at financial institutions. Fintechs frequently use third-party data aggregators – behind-the-scenes technology companies that serve as a data-gathering service provider to the fintechs – to deliver customer financial data that is used by the financial apps. To do this, fintechs provide data aggregators with information that allows the aggregators to access customers’ account information. That same information has the potential to facilitate fraud if it is not properly protected.
Research issued this week by The Clearing House, a banking association and payments company that supports industry collaboration and development, highlights the need for more effective customer education on this topic. Simply put, customers’ assets and information may be at risk because customers may not know or understand how their sensitive account information is being collected, used, shared and stored.
For example, 80% of financial app users surveyed by The Clearing House were not fully aware that these apps or third parties may store their online banking username and password. Less than 20% of those surveyed knew some financial apps use third parties, such as data aggregators, to access their personal and financial information.
The Clearing House research also shows that only 21% of the financial app users surveyed knew that the apps have access to their financial data until they revoke their bank account credentials. Thus, financial apps may have access to a consumer’s banking data even if they no longer use or have deleted the app.
Further, 79% of those surveyed did not read the terms and conditions of the financial apps they use.
We understand that these research results may cause customer concern. PNC can assure customers that we have specific controls in place to help them manage the security of their personal and financial information. For example, when a PNC customer links their PNC account to a financial app, they are prompted to enter a one-time passcode to proceed. We then send them an alert that confirms they initiated the request. We've also taken steps to protect highly sensitive information that could be used to facilitate fraud or account takeover. Of particular concern to PNC is the storage of account numbers by a third party, because fraudsters, if armed with this information, would have the access they need to move money from our customer accounts.
We support The Clearing House in its national effort to close the gap in consumer awareness on this important topic. And we will remain laser focused on meeting the needs of our customers, while helping to protect their data and assets.