A consumer watchdog is warning advisors and consumers about fintech applications due to data-sharing and privacy concerns.

The chief problem, said Linda Sherry, director of national priorities for Consumer Action, is that many fintech apps are designed to integrate directly with banks and investment accounts by storing and using a consumer’s passwords.

“We often don’t know the first thing about these companies,” Sherry said. “We don’t have any way to follow after we’ve linked our accounts and check back to make sure we’re connected securely, so it becomes an issue.”

Sherry is calling for tighter regulation on fintechs and a federally mandated right-to-data privacy for consumers. “Most people are so busy, we shouldn’t be putting these burdens on them," she said. "The vetting we should logically do just falls by the wayside, and that allows a bad actor to sneak in quickly and gain access to our data.”

Many fintechs still use an obsolete technique called “screen scraping” that collects data that shows on digital display—literally reading off of what a user would see on their screen—to aggregate a user’s financial information, Sherry said.

More secure, modern fintechs connect directly with a user’s financial services provider using technology like tokening and application programming interfaces to share data safely and directly.

Advisors and financial firms need to be cautious about referring clients to different fintech applications to help manage their finances, Sherry said.

“Most of these companies disavow any kind of liability in their fine print, not that consumers read it,” she said. “Many consumers assume that if there’s fraud or a breach, the financial services company will make good on it. There’s definitely a danger in saying 'go use this app' when in fact the data practices may not be robust in those places.”

Even companies that use modern tokening technology to create a digital “handshake” between an app and a financial data provider are disavowing liability for breaches, Sherry said.

This is a cause for concern because even the largest financial companies, like Equifax, are vulnerable to hackers.

“You wouldn’t have thought that one of the three main credit bureaus would have been subject to a breach, you would have thought that they would have had a tighter hold on their data,” Sherry said. “Years later, I’m still getting email telling me my information is out on the dark web.”

Advisors and their clients need to make sure they understand who has access to their financial data, and where that data resides, she said.

Companies that purport to offer “free” services, commission-free trading apps like Robinhood, and account aggregation and budgeting tools like Intuit’s Mint, are of particular concern.

“Most people realize somewhere inside of them that there’s no free lunch, and you get what you pay for a lot of times,” Sherry said. “I would be very careful about using or recommending fintech tools if I wasn’t sure that the company had a good structure for accepting liability, making complaints and helping a consumer when things go wrong. That could go bottoms-up in a hurry.”

Sherry provided a set of tips for the end-client to help protect their data:

• Discontinue service with any apps no longer in use.

• Change passwords if there’s uncertainty about which applications and institutions have access to data and login information.

• Always read an app’s terms and conditions, along with their privacy disclosure.

• Opt-in to receive security and account updates from financial institutions and credit card issuers.

• Check resources available from financial institutions, like banks and brokerages, for using fintech apps safely.

“If you just google fintech apps, you’ll find so many companies are coming to market that it’s impossible to keep them straight, and the average consumer or advisor won’t always want to go with big names,” Sherry said. “The big names that bubble up are sometimes the ones that are charging huge fees and are dominating the market to the disadvantage of consumers, and there are so many that I would be cautious about recommending."

Founded in 1971 as a telephone hotline, Consumer Action offers alerts, educational materials and tips to Americans to help protect them from fraud.