Protecting Member Data From Third-Party Aggregator Services

Synergent takes innumerable actions on any given day to protect you and your members against security risks and ensure system reliability. These efforts range from network maintenance and system monitoring to actively mitigating attacks. Synergent’s actions to protect your members’ information is part of our normal course of business and usually does not warrant your attention.

In addition to these steps, we are continuously watching for actions you or your members can take—or not take—to ensure their financial information is protected. This includes precautions they should follow when using third-party financial aggregator services.

Members are increasingly turning to personal finance services—including,, CashApp, and countless others—to help them manage their money. Some services link directly to a members’ credit union account, allowing them to monitor their spending or pay bills online. Other services aggregate personal financial information in real-time, consolidating member data from multiple accounts like credit cards, loans, savings, checking, and retirement, in one place. For these services to work, your members must freely give them their digital banking login credentials. These services then automatically log in to your members’ digital banking accounts to pull account information and conduct transactions and do so without warning or regard for the systems they are accessing.

While financial aggregator services may provide members a platform for viewing and working with all of their accounts, members should be reminded that anytime they provide a third party their banking account numbers, passwords, usernames, or answers to online security questions they increase the risk of having their financial information breached. A recent breach at Waydev affected 7.5M consumers, some of whom may be your members. The bad actors behind that breach may now have access to home banking credentials for millions of accounts.

One of the most important protective measures your members can take is to change their digital banking logins regularly. Reminding your members to change their passwords is something that should be done on a regular basis. To assist you with this type of communication, a sample message you can share with your members on this topic is below.

If you have any questions or need additional information about third-party aggregator services, please do not hesitate to contact your Account Relationship Manager.

Sample Communication to Members:

Are you using a personal finance app to help manage your money? If you are, you aren’t alone.

Consumers across the country are increasingly turning to apps like,, CashApp, and countless others to monitor their spending. While these apps may provide a platform for viewing and working with multiple accounts, they also increase the risk of having financial information breached. In fact, a recent breach at Waydev affected 7.5M consumers.

If you are leveraging any of these tools, there are some important steps you can take to protect your personal information.

1. Examine the terms of service for apps you are using.

  • Review the app’s data retention policies and determine whether the app resells your information.

2. Find out what security features the app offers to ensure your personal information remains safe.

  • Look for things like two-factor authentication.

3. Always confirm the validity of the app.

  • Don’t provide your account numbers or any personal or financial information on the phone or online unless you initiate the conversation and you know the organization.

4. Change your passwords and security settings often and use a highly secure password for your financial accounts.

  • Secure passwords often contain letters, numbers, and special characters.
  • Avoid using the same username and password on multiple sites.
  • Guard your pins and passwords. Don’t store them on your phone or write them down in a location where others might be able to access them.

5. Change your credit union and other account passwords if you want to remove an app’s access to your accounts.

6. Contact us right away if you feel your information has been compromised!

Always use extreme care when using third party apps. The more services you sign up for and the more devices you use provides criminals additional opportunities to steal your information for their personal gain.