skip to main content


Investing in Your Privacy

January 29, 2021

Some of you, and by extension your spouses and children, may be interested in signing up for trading applications on your smartphones—like Robinhood and WeBull—to take advantage of current market trends. The prevalence of these trading applications in pop culture may invite new investors and may suggest that the information these trading applications collect is secure and protected. However, that is not always the case. To begin trading, or even fund your trading account, these applications usually ask that you use certain third parties, such as Plaid, to verify your financial accounts by providing your online banking username and password. Because you are setting up this access for the purpose of funding your account, this may initially seem harmless. But these third-party processors can use their newly acquired account access to mine transaction and use data and then sell that data to their business partners. Even more concerning is the realistic probability that you cannot truly rely on these third-party processors to protect your access information. Indeed, there are usually strong limitations of liability and disclaimers hidden in their general terms of use. In other words, the seemingly harmless activity of setting up an online investment account through a “reputable” application on the App Store or Google Play could leave you holding an empty bag after your financial information is stolen and used.

Accordingly, instead of providing your online banking log-in information, use a secondary verification method. For example, many trading applications provide a secondary, hidden option that only uses your account and routing number; whereby, the trading application will deposit a very small sum into your account and ask you to verify the amounts deposited. This option is much more secure, as you are not granting anyone access to your accounts or exposing your password. If the trading platform does not offer a verification option that does not require you to provide login information, this is a red flag, and you should consider finding a different trading platform.

In the event that you decide to provide your login information, you should setup and maintain two-factor authorization settings, which request your text or email approval for every attempted log-in. Further, when possible immediately change your password after account verification. Though not entirely secure, this can help to further protect against the unwanted loss of your data or tampering with your financial accounts.

Please note, the risks described above are not unique to trading applications. You should never provide a third party with access to your accounts.

As always, if you have any questions or concerns, please feel free to contact our Kerr Russell data privacy team at any time through the contact information below.

About the authors:

Jeffrey A. MayDetroit Legal News Jeffery May of Kerr Russell practices in the areas of general business law, intellectual property, and litigation with a focus on the increasingly important area of Cybersecurity and Data Privacy Law. He is credentialed as a Certified Information Privacy Professional/United States (CIPP/US). He has prior experience owning and operating a technology-based business. His experience and education allow him to assist clients with a wide range of business issues and litigation matters. Jeffrey helps clients identify and mitigate risks related to data security incidents and breaches. He also helps with information technology policies and practices, and data sharing arrangements with third parties.



Nezar Habhab headshotNezar G. Habhab has a broad transactional practice handling matters related to leasing and purchasing, mergers and acquisitions, entity formation, commercial contracts, as well as data privacy. He works as part of firm’s Data Privacy and Cybersecurity team to draft and review company policies, facilitate cross-border data transfer arrangements, and counsel clients on the risks associated with the control and processing of data around the globe. Additionally, Nezar is experienced in drafting and negotiating a variety of artist, influencer, branding, and licensing agreements in the experiential and marketing space for both SAG-AFTRA and non-SAG talent.



Other posts to consider: