Financial Aggregator Services FAQs
Financial Aggregator Apps and Websites
Financial aggregator services (like Mint, Plaid, Quicken, Credit Karma and others) offer easy access to a wealth of consolidated information. But they also present a security concern because they require you to provide your login credentials (username and password) for financial accounts you want to pair with these services. You should weigh the risk against the benefits of using an aggregator service. If an aggregator is breached, your account login credentials and recent account history data may be stolen, making you a target for fraud. Learn more about account takeover fraud.
All financial institutions weigh the benefits of these services against the unintended security risks associated with sourcing consumer data. If you decide to pair your financial account(s) with an aggregator service, we encourage you to research first to be sure it's one that's widely considered to be trustworthy and secure.
BECU Money Manager
BECU's Money Manager tool in Online Banking offers a secure way to view your entire financial portfolio in one place. You can track spending and identify trends, create a budget online, set timely alerts, track your net worth, and more. Visit our Money Manager: Finances Made Easy page for more details.
BECU authorizes the IP addresses of financial aggregator services that are widely considered to be mostly safe. Smaller aggregator services may not have established relationships with financial institutions, and they may not be capable of adequately securing your sensitive information. If an aggregator is breached, your account login credentials and recent account history data may be stolen, making you a target for fraud. Learn more about account takeover fraud.
Our goal is to minimize inconvenience, while safeguarding your accounts. Aggregator services that BECU deems to be trustworthy are authorized using the aggregator's IP address. At some point, these approved aggregators may change their IP address without notifying us. If BECU doesn't recognize the source (IP address) as being authorized, we may block the attempt to access your account.
If you've successfully linked your account to a trusted service in the past, and it's not working now, you may need to reconnect to the aggregator service by logging in to your account through their app.
If an aggregator service you've synced your account within the past is unable to access your account(s), they may send you a text message or email to notify you that they could not perform their service. Even if you do receive a notification, the message may not provide clear information about the issue the aggregator encountered. Unfortunately, we can't be sure how aggregator services will contact you in this situation.
You may receive this type of notification when an aggregator's attempt to access your account triggers BECU security monitoring. But it could also be a spoofed message impersonating BECU. If the message is part of a scam, your login credentials can be stolen if you attempt to log in to your account from the message link. We strongly recommend against ever clicking on links in text messages or emails, even if they appear to come from BECU. Learn more about fraud alert phishing scams.
If you're concerned about the authenticity or purpose of a notification you've received, we recommend you call us at 800-233-2328 or send a secure message using Messenger in Online Banking or the mobile app. You can also email our security team at phishing@becu.org to report suspicious activity. We monitor these email notifications only during business hours. Please do not send confidential information in your email message.
If a financial aggregator service is unsuccessful in attempting to access your account, it could trigger a notification from the service or from BECU security monitoring to alert you about the login attempt. A message like this could also be a lure that's part of a smishing scam. We can't be sure how the aggregator services will contact BECU members. Unfortunately, it can also be difficult to tell the difference between a legitimate notification from BECU and a spoofed message impersonating our security monitoring.
If you're concerned about the authenticity or purpose of a notification you've received, we recommend you call us at 800-233-2328 or send a secure message using Messenger in Online Banking or the mobile app. You can also email our security team at phishing@becu.org to report suspicious activity. We monitor these email notifications only during business hours. Please do not send confidential information in your email message.
We strongly recommend that you don't click links in text or email messages, even if they appear to be from BECU. The message could be part of a scam, and clicking the link could take you to a legitimate-looking page that's really a trap. If you enter your username or password, they could be stolen by whoever set up the fraudulent page. Learn more about fraud alert phishing scams.
If you have concerns about the authenticity of a message you received, call BECU directly at 800-233-2328, or send a secure message using Messenger in Online Banking or the mobile app.
We also encourage you to report suspicious activity to our security team at phishing@becu.org. We monitor these email notifications only during business hours. Please do not send confidential information in your email message.