Banking

Increase In Digital Banking Raises Consumer Data Privacy Concerns: How To Protect Yourself

Digital banking makes it easy and convenient for consumers to manage their financial lives, including doing everything from paying bills to sending money to shopping online. And that’s become especially important as the Covid-19 pandemic changes the way people carry out banking tasks.

In the latest World Retail Banking Report, 57% of consumers say they now prefer internet (online) banking to traditional branch banking. And 55% of consumers now prefer using mobile banking apps to stay on top of their finances, up from 47% in the pre-pandemic era.

But the transfer of personal and financial information through digital channels raises an important question: How much of your personal data is protected and kept private?

According to a 2020 study published by KPMG, 87% of consumers say data privacy is a basic human right. Yet 68% say they don’t trust companies to ethically sell their personal data.

If you use online or mobile banking, person to person payment apps or digital wallets, or if you shop online, then you may share similar concerns about how your data is being managed. Here’s a closer look at what protections exist—and what you can do to protect yourself when managing your financial life online

What’s Protected Under Federal Consumer Privacy Laws

Europe set a precedent for consumer privacy protections in 2018 with the passage of the General Data Protection Regulation (GDPR). This sweeping privacy law expanded consumer control over data access and use, including the right to request that personal data be destroyed by the agency collecting it.

In the U.S., no uniform federal standard similar to GDPR exists for regulating the collection and use of consumer data. There are, however, some federal guidelines in place that apply to how banks and financial institutions manage consumer privacy.

This guidance includes the Gramm-Leach-Bliley Act (GLBA), which is enforced by both the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB). It requires financial institutions to give consumers notice about the type of information they collect and share with third parties. More importantly, this law specifies that customers be given the opportunity to opt out of having their information shared.

In other words, you have to be given a chance to say no to having nonpublic personal information shared with third-party companies. Financial institutions have to tell you what the process is for opting out when sending out privacy notices. The GLBA leaves how this is done up to the bank. For example, you may need to call the bank to opt out or fill out a form.

There are several categories of exceptions to the customer’s ability to opt out, however. The GLBA doesn’t prevent a bank or financial institution from sharing nonpublic personal information:

  • For the purposes of completing a banking transaction authorized by the consumer, including disclosure to service providers who perform tasks such as mailing out statements, and including for the purposes of performing a credit check
  • For the purposes of preventing fraud, responding to a judicial process (such as a subpoena) or complying with applicable federal, state or local law
  • With a company that is functioning on behalf of, or performing services for, the bank or financial institution if that information is used for marketing the institution’s own products and services or used to market certain projects or services jointly with another bank

Aside from the GLBA, consumer privacy is addressed by other federal laws. For instance, the Fair Credit Reporting Act (FCRA) restricts how banks can share information about you with other financial institutions. Specifically, information that’s not related to your transactional history with the bank can’t be shared without your consent. The Right to Financial Privacy Act (RFPA) outlines rules that government agencies must follow before they can obtain your banking or financial information.

Digital Banking Faces Challenges in Closing Privacy Gaps

With no all-encompassing federal law in place, banks and other financial institutions, including companies that offer digital financial services, face increasing pressure to be proactive in managing consumer privacy. For instance, 80% of bank executives polled in the World Retail Banking Report cited cybersecurity and privacy as major concerns as the shift to digital banking continues.

Some states are helping to make this easier by introducing consumer privacy legislation. The California Consumer Privacy Act (CCPA), for example, gives consumers specific rights, including:

  • The right to know what personal information is being collected, how it’s shared and how it’s used
  • The right to delete that information, with some exceptions
  • The right to opt out of having personal information sold
  • The right to nondiscrimination for exercising their rights under the CCPA

The CCPA also obligates businesses covered by this law to provide consumers with privacy notices. Other states, including Florida, New York and Washington, have introduced similar pieces of legislation that would offer consumers more protection when it comes to how their information is tracked and used by digital banking services and financial institutions.

The challenge banks and financial institutions face, however, is that consumers aren’t always proactive in protecting their online personal and financial information themselves. For example, a FICO study released in 2020 found that only 42% of Americans use separate passwords to access multiple accounts. Thirty percent engage in unsafe practices that could potentially compromise their information, such as writing passwords down.

Looking forward, banks and financial institutions may need to take a multipronged approach to manage consumer privacy against the current regulatory backdrop. According to a Deloitte analysis of consumer privacy protections, this approach may include measures like:

  • Considering how consumer privacy concerns may evolve as digital banking and payments evolve
  • Increasing transparency surrounding the collection and use of consumer data to build trust with customers
  • Implementing measures to ensure the safety and security of how personal data is handled and by whom
  • Exploring new technologies or methods for data collection that could better shield consumers from exploitative practices
  • Appointing chief privacy officers and empowering them with the ability to create new, more stringent privacy practices

Digital banking isn’t going away any time soon and, if anything, more consumers will likely use it as an alternative to traditional banking methods. The more banks and financial institutions can do now to get ahead of the curve, the more consumers may benefit when it comes to keeping their information secure.

What You Can Do to Protect Your Financial Information Online

If you’re a regular or even an occasional user of digital banking services, it’s important to understand what you can do to safeguard your personal and financial data. The first step is reading through your bank or financial institution’s privacy notice to understand:

  • What data is being collected about you
  • How that data is collected and how often
  • With whom it’s being shared
  • What your rights are for opting out
  • How you can opt out of information sharing

If you decide you want to opt out of data sharing, make sure you’re following the procedure for doing so outlined in your bank’s privacy notice. And keep in mind that any data that was shared before you opted out remains shareable and can’t be called back.

If you live in California, it’s also important to understand that you have additional rights and protections under the CCPA for managing the collection and use of your information. And if you’re unfamiliar with the protections offered under the FCRA or the RFPA, then it’s worth brushing up on those as well.

Next, consider what you’re doing currently to protect your personal and financial details and what you may be able to improve upon. For example, in the KPMG study, 65% of respondents said they avoided opening email attachments from unknown senders. That’s a good thing, as these can often be a phishing scam in disguise. But the survey also found that only 31% of consumers install mobile device security software and just 20% use a virtual private network (VPN) to get online.

There are a number of things you can do to keep your information safe online. Some of the best ways to do so include:

  • Using secure passwords and updating them regularly
  • Choosing unique passwords for each digital banking account, versus using the same password for multiple accounts
  • Using a secure password keeper
  • Avoiding the use of unsecured public Wi-Fi when accessing financial accounts online
  • Knowing how to recognize email or text phishing scams
  • Only visiting secure websites
  • Installing anti spyware and malware protections on your devices
  • Locking devices using a password and/or biometric login
  • Setting up alerts to track your accounts and monitor transaction activity
  • Enabling multi-factor authentication

While these measures don’t necessarily prevent your bank or financial institution from sharing information with third parties, they can help you keep your data out of the hands of hackers. The more proactive you are about protecting your information, the better, if you’re concerned about being a target for financial fraud.

Finally, if you have concerns over how a bank or financial institution is handling your personal or financial information, the FTC advises reaching out to that company first to ask questions or file a complaint. If you’re not able to get the issue resolved directly, you can also reach out to the appropriate regulatory agency.

For banks that are part of the Federal Reserve System, for instance, this would be the Board of Governors of the Federal Reserve System. You can also direct complaints to the FTC, Federal Deposit Insurance Corporation (FDIC) or the National Credit Union Association (NCUA) if you keep your money at a credit union versus a bank.

Bottom Line

Whether by choice or necessity, more Americans are performing financial transactions online, and this trend is only increasing. These activities range from online shopping, to bank and credit union account management, to monthly bill-paying. As the amount of personally identifiable information that you share online or via mobile proliferates, so do the opportunities for third parties to access data you would consider private. The first line of defense against these potential security breaches is you

More From Advisor

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Latest Personal Finance Videos

    Forbes Advisor

    Forbes Advisor is a trusted destination for unbiased personal finance advice, news and reviews, dedicated to making smart financial decisions simple.

    Learn More