Truelayer appear to be illegitimately harvesting personal financial data whilst acting on behalf of Freetrade

I have recently tried to add my private bank account to the platform to be able to transfer funds in and out. During the process you are directed to a third party called TrueLayer who operate the Open Banking system on behalf of Freetrade. You are asked to agree to give access to a number of elements of information from you bank account which seems wholly inappropriate and an abuse of the position.

Some of those are as follows -

  • 'List when your accounts were opened and what currency they are in’

  • ‘View account holder type’

  • ‘Confirm whether your available balance exceeds a given amount’

  • 'View your transactions (including card payments, Direct Debits, Direct Credits, Faster Payments and Standing Orders’

  • ‘View your Savings Goals’

  • ‘View your account balance’

  • 'View your transfers into your Savings Goals’

  • ‘View the status of a payment to your payee - UK GBP payment’

I have taken this up with the help team but they just don’t seem to get what the issue is.

The matter is wholly unacceptable and seems to be collecting data with a view to profiling the user and selling on the information to other parties.

Does anyone else have any thoughts on this, have you taken Freetrade to task over this?

1 Like

With respect, I think you’re being a little paranoid. Some permissions like this are done in such a way to avoid having 5 permissions for each thing that would quite reasonably be linked/associated with another permission. This is done with things like Android app permissions all the time, for the sake of simplicity.

Some of this is clearly needed.

The first is needed to check your bank account currency is the same as the one used by the platform.

Account holder type is - I assume - would be along the lines of checking that the account is for a single person, rather than a joint account. Perhaps an important consideration for ISA top-ups.

If the balance is inadequate to cover what you’re trying to add to your account, there needs to be an error screen or whatever.

Transactions could well be to check that anything outstanding won’t take you over the limit when the payment you want to add to your :freetrade: account is deducted.

Status of a payment may well be there to help them check the payment as it’s in progress/do some kind of call back.

I’ll grant you that the three prior to the final one seem odd. However, I don’t work in the banking industry and there could be a legitimate reason for them being there. Plus, things like “savings goals” could only be there in case the application that’s using it supports that functionality. It might not be read if it’s not relevant. We just don’t know.

I think it’s out of order on your part to act like this company is definitely profiling you and wants to sell your personal data. Sure, ask why they’re needed. Perhaps contact Truelayer. But starting out in an outraged position is almost asking to be made to eat crow later.

I think we have to give Freetrade the credit to be able to sensibly choose a payment partner like this. If you think Freetrade as a company are making bad decisions, why would you trust them with your money in the first place?

I mean no offence, but I dislike this whole theme I’m seeing lately. “Ideas” in the forum about how Plus should be cheaper and that certain features are “needed”. Without access to the data Freetrade have, posts along those lines are ignorant and may as well say “I know how to run your company better than you do”. Chances are that’s far from the truth. If you don’t like how a company does business or their partners, don’t use them. Absolutely enquire as to why a payment partner needs access to certain information, but I think it’s a little rude and insulting to Freetrade to come out with accusations about their partners, rather than questions. To me, that implies that you think the people at Freetrade are incompetent, or make poor decisions.

16 Likes

If you’re really concerned you can put in a request to see the data they hold on you and how it’s used. But per your post your issue is with TrueLayer not Freetrade.

5 Likes

I’m sorry I disagree. I have contacted both Freetrade and TrueLayer however my account is with Freetrade whom select TrueLayer as their partner. Freetrade is ultimately responsible.

Yes. It’s nonsense. Sorry, but you asked.

Edited to add: This seems to be quite the assertion (my emphasis):

8 Likes

*** 'List when your accounts were opened and what currency they are in’**

The date of opening is irrelevant. I’m not seeking credit approval.

*** ‘View account holder type’**

I’ll accept that it could be necessary to establish if it’s a personal account.

*** ‘Confirm whether your available balance exceeds a given amount’**

My bank would reject the payment if there were insufficient funds, it doesn’t;t need the third party. This is in place to establish the balance and potentially an indication of your worth.

*** 'View your transactions (including card payments, Direct Debits, Direct Credits, Faster Payments and Standing Orders’**

Of what relevance is it to this organisation with whom do I have direct debits/credits and standing orders?

*** ‘View your Savings Goals’**

My savings goals are my business. Not relevant to making or receiving payments to a share trader.

*** 'View your transfers into your Savings Goals’**

My transfers to savings are my business. Not relevant to making or receiving payments to a share trader.

I’m quite happy to share relevant information where there is a need for it, here it is not justifiable.

2 Likes

Actually, I kind of agree with the OP. I’d rather not deal with TrueLayer at all, I’d much prefer them to support direct debits, take card payments or just tell us the reference number and destination bank details and let us pay via our own banking app.

But, even having given Truelayer permission to access my account, really the only permission it needs is to pay a nominated account. Everything else can be verified on their end when the money arrives. If funding FT takes you overdrawn, that’s your own problem, and also you could have a free overdraft allowance.

7 Likes

As much as I think the OP is overreacting and this is overblown, people have been sued over allegations of illegal behaviour on online forums. It’s worth keeping in mind that an allegation of this kind is a serious thing and not to be made lightly. As I don’t know much about the banking industry and not much more about software development, I prefer to take a cautious approach. However, the OP is welcome to potentially overreact and potentially be sued for slanderous allegations.

You can disagree if you like but when you processed with TrueLayer you accepted those conditions so you are dealing with TrueLayer, like it or not.

Freetrade won’t be able to tell you what data TrueLayer holds on you.

Just like if I use PayPal as part of my ecommerce shop, and you buy from me, I can’t tell you what data PayPal holds on you.

2 Likes

Also, my bank uses a 2FA token. It’s kind of reassuring I have to enter it every time I top up, so I know they don’t have access to my account when I’m not using it, but it’s also a bit worrying that the code I have to generate is the log-in code rather than the authorise payment code. It does appear to be running on the bank’s own website though, so I guess the bank trusts Truelayer not to misuse the permissions it’s been granted.

On behalf of freetrade… Who’s to say freetrade get passed any of that info? If you have issues, speak to true layer

2 Likes

You misunderstand Mike. I have not processed with Trulayer, and I won’t be either.

Whether you like it or not, Freetrade are responsible for choosing their partners.

2 Likes

That’s not how third party access works. Once you give them access they have access to those things for at least 90 days or until you revoke access.

However. Maybe I’m missing something, it where is it giving truelayer these permissions?

Could you share more info? As when I make a top up it never asks for permissions and it isn’t added to my bank as a third party but only as a single transaction.

This is not correct. The service is being provided to the customer by freetrade not truelayer. Freetrade is the person you talk to, truelayer would be within their right to tell you to go away and speak to the person you’re actually getting services from.

1 Like

Ralf it has nothing to do with the security of the data, my point is that it is an infringement of privacy to request access to the data without good reason. Moreover you cannot opt out.

If you are using Trulayer you granted them access for 30 or 90 days, they don’t need your permission again within that period.

2FA is irrelevant to the discussion, a completely different topic.

Oh I see. Sorry I misunderstood - my bad. So your issue is you can’t deposit because you don’t trust TrueLayer.

That’s fair and you have that right to be concerned who you share your info with. And yea in that case you’re right it is Freetrades choice who they use as partners.

But honestly given they have hundreds of thousands of users who don’t have the same concerns I can’t imagine them changing this anytime soon so you may need to be OK with it or use another broker.

3 Likes

I don’t think it’s irrelevant. I think my bank gates their access to my account at all behind the 2FA. Certainly, I’ve had to sign in using 2FA every top-up, and they’ve all been done at less than 30 day intervals.

Paul I’m not suggesting Freetrade is being passed the info, in fact I doubt they even know what their partner is collecting.

TrueLayer are collecting data from customers of Freetrade that is not required for the purposes for which they’ve been engaged.

Is this when setting up the linked account in the first instance? Definitely something to get an answer for from freetrade as the actual top ups themselves are done via third party payment and not third party access. So third party access isn’t required to make future topups

1 Like

Indeed, but you miss the point Ralf. The 2FA is for your security, your access, and you alone.

Trulayer will have access via the Open Banking system, and you would have granted them access for the period, be it 30 or 90 days. They do not need your 2FA input before they dive in to your account.

Furthermore the topic here is that TrueLayer are harvesting data from the accounts of customers. 2FA is a security access protocol. Different topic.

Mike it’s becoming clear from the replies here that people don’t realise what they have agreed to when signing up for TrueLayer, which probably explains why there’s been no concern.

I will reiterate, I have no issue with supplying legitimate information for the purposes required.

It’s akin to going to buy a car and them not selling it to you unless you tell them the colour of your wife’s pants. They simply do not need to know that, however harmless it may seem.

1 Like