Protecting customers’ financial privacy is crucial for banks, and not just because federal law says so.
The relationship between a bank and its customers is based on trust, and guarding individuals’ personal and financial data is at the foundation. Best practices in account security and data protection are constantly changing, so it’s important to understand the measures your bank is taking to protect you.
Here are three important questions your bank should be able to answer about your financial privacy:
How do you protect my accounts from unauthorized access?
Banks should employ a number of measures to keep individuals’ data and accounts safe, and they should make sure customers are up to date about those measures. At a minimum, these measures should include:
• Two-factor or multi-factor authentication and strong password requirements to keep unauthorized users from accessing accounts.
• Regular security audits and penetration testing, which can identify weaknesses in networks and helps shore up protection against external threats.
• Alert systems that notify you instantly (including by text message or push notification) when any transaction is made involving your accounts.
• Strong encryption practices that protect account data both during and in between online transactions.
Do you share information with third parties?
Banks should not share any of your personal information with third parties without your consent unless it is necessary to do so to accommodate requests you make or to satisfy legal obligations.
Ask your bank about the third parties with which it shares information; often, these include other financial institutions, credit bureaus or marketing companies. Information shared may include personal data, transaction details or credit information.
Your bank may allow to opt out of third-party sharing, but if you choose to do so, be aware of the consequences (such as limited service offerings). Your bank’s privacy policy should be easy to find and should clearly state how your information is being shared.
How can I find out about past data breaches and how they were addressed?
First, ask the bank directly. Banks are usually required to notify customers if their information has been compromised in a data breach. When such an event occurs, many banks will offer credit-monitoring services or identity protection for their affected customers. If the bank has not had any recent security incidents, ask about its response plans and policies.
Agencies such as the Comptroller of the Currency, the Federal Deposit Insurance Corporation and the Federal Reserve Board provide oversight, receive complaints and offer resources for bank consumers.
The Consumer Financial Protection Bureau’s Consumer Complaint Database offers thorough, searchable data on how financial institutions respond to complaints so you can get an idea of what to expect from a bank based on documented, unbiased reporting.