Personally, services that ask for your bank account credentials are a “no go” for me. The passwords themselves are likely stored securely, but the fact they are stored at all is concerning.
All it takes is a bad actor within the company to re-write the screen scraping to then impersonate the users and have them wire out money to a foreign bank account. Some anti-fraud systems might catch this activity but for people that use the wire system on a frequent basis it might go unnoticed.
Or they may screen scrape the information and sell it on the black market. Wouldn’t be too hard to target a specific group (elderly, retired) since you already have their bank credentials which subsequently has reliable/verified demographic information and account balances.
All it takes is a bad actor within the company to re-write the screen scraping to then impersonate the users and have them wire out money to a foreign bank account. Some anti-fraud systems might catch this activity but for people that use the wire system on a frequent basis it might go unnoticed.
Or they may screen scrape the information and sell it on the black market. Wouldn’t be too hard to target a specific group (elderly, retired) since you already have their bank credentials which subsequently has reliable/verified demographic information and account balances.