What Happens When You Connect Your Bank Account

When you decide to connect your bank account to MyFam360, you might naturally worry: “Am I giving MyFam360 access to my bank login? Can they see everything? What if they get hacked?”

These are reasonable concerns. This post explains exactly what happens, how the Account Aggregator framework protects you, and why this approach is safer than alternatives.

---

The Scenario You Should Avoid

Imagine a finance app asks: “Enter your bank username and password so we can pull your transactions.”

This is a red flag. Here’s why:

1. You’re sharing your bank credentials with a third party — if MyFam360 is compromised, your login is compromised
2. MyFam360 becomes liable for your bank account security — if credentials are leaked, you and the bank might both pursue legal action against them
3. It violates your bank’s terms of service — you’re not supposed to share your login with anyone
4. It’s not verifiable — there’s no audit trail proving you consented to this specific access

Better finance apps don’t ask for this. Better apps use an Account Aggregator (AA).

---

What an Account Aggregator Is (And Why You Should Care)

An Account Aggregator is an RBI-regulated financial service that acts as a secure intermediary between you and your bank.

The Flow (Simplified)

You → Account Aggregator ← Your Bank
        ↓
     MyFam360

What you do:

1. Initiate bank connection in MyFam360
2. MyFam360 redirects you to the AA’s secure portal
3. You authenticate with your bank (username/password)
4. You approve MyFam360’s request to access your transactions
5. The AA retrieves your transaction history
6. The AA shares sanitized transaction data with MyFam360
7. MyFam360 imports your transactions

Key point: Your bank credentials never leave your bank. You never share them with MyFam360.

---

Why This Matters: Three Scenarios

Scenario 1: MyFam360 Gets Hacked

Without AA (risky):

• Hackers find MyFam360’s database with stored bank credentials
• They use your credentials to access your bank account
• They can withdraw money, open loans, change account settings

With AA (safe):

• Hackers find MyFam360’s database
• They see only transaction history that was already synced
• They cannot access your bank account because they don’t have your credentials
• Your bank remains secure because only the AA has your login

Scenario 2: An Employee Goes Rogue

Without AA (risky):

• A disgruntled MyFam360 employee with database access steals your credentials
• They can directly access your bank account

With AA (safe):

• An employee can see only transaction data they’ve already accessed
• They cannot steal credentials because MyFam360 never stores them
• All AA access is logged and auditable — if someone tries to retrieve your data improperly, it’s detected

Scenario 3: Data Breach Recovery

Without AA (difficult):

• Your bank credentials were compromised
• You must change your bank password immediately
• You must assume your account is potentially at risk
• You may need to cancel cards, monitor accounts, file fraud reports

With AA (simpler):

• Transaction history in MyFam360 is exposed
• But your bank account itself is safe (credentials were never shared)
• You simply revoke MyFam360’s access through the AA
• No action needed on your bank account

---

How the Account Aggregator Works (Technical)

When you connect your bank account, here’s what actually happens:

Step 1: You Initiate Connection

You click “Connect Bank Account” in MyFam360 Settings. MyFam360 redirects you to the AA’s secure portal with a consent request:

Consent Request:
- Purpose: Retrieve your bank transactions for personal finance tracking
- Scope: Read-only access to transaction history (no write access)
- Duration: 12 months (renewable)
- Data types: Transaction date, amount, merchant, transaction type

Step 2: AA-to-Bank Authentication

You log in with your actual bank credentials — directly to your bank’s secure portal (facilitated by the AA). Your credentials stay with your bank. The AA never sees them.

Step 3: Bank Verifies Consent

Your bank asks: “Do you authorize [AA name] to share your transactions with [MyFam360] for [personal finance tracking]?” You approve.

Step 4: AA Retrieves Data

The AA connects to your bank using standard banking APIs (OAuth-like flows) and retrieves:

Transactions:
- 2026-04-15: Debit ₹5,200 | Swiggy | Food & Dining
- 2026-04-14: Debit ₹1,500 | ICICI Bank | Transfer
- 2026-04-13: Credit ₹75,000 | Salary | Employer Transfer

Notice: No personal identifiers, no account number, no PAN. Just transaction data.

Step 5: AA Shares With MyFam360

The AA encrypts and sends this transaction data to MyFam360. MyFam360 receives it over TLS (encrypted in transit) and decrypts it (encrypted at rest).

Step 6: MyFam360 Imports

MyFam360 imports these transactions into your account:

Expense: Swiggy, ₹5,200, Food & Dining, 2026-04-15
Transfer: ICICI Bank, ₹1,500, Transfers, 2026-04-14
Income: Salary, ₹75,000, Salary, 2026-04-13

You can now see all your bank transactions in MyFam360, searchable and categorizable.

---

What You’re NOT Sharing

To be crystal clear, connecting your bank account does NOT share:

Data	Shared?	Why Not?
Bank password	❌ No	Only your bank sees it
Account number	❌ No	AA sanitizes before sending to MyFam360
Full bank details	❌ No	Only transaction-level data shared
PAN / Tax ID	❌ No	Not included in transaction data
Credit card details	❌ No	Only transaction amounts, not payment instrument details
Personal identification	❌ No	Transaction data is anonymized
Account balance	❌ Depends*	*Only if explicitly included in AA data; can be disabled

---

The RBI Framework (Regulatory Protection)

Account Aggregators exist because of RBI’s Open Banking Framework. Here’s what that means for you:

You Have Legal Rights

Under the RBI’s Consumer Protection Framework:

1. Right to know — You must be informed what data is being shared, with whom, and for how long
2. Right to consent — Your explicit approval is legally required; it’s not pre-approved
3. Right to revoke — You can stop data sharing at any time
4. Right to transparency — The AA must maintain audit logs of all data access
5. Right to grievance — If something goes wrong, you have a formal complaint procedure

Regulated Participants

All parties involved are RBI-regulated:

• Your Bank — licensed by RBI, bound by data protection regulations
• Account Aggregator — licensed by RBI, subject to strict security and audit requirements
• Data Recipient (MyFam360) — not directly licensed, but contracted to comply with AA standards

If an AA violates your rights, you can file a complaint with the RBI’s Consumer Grievance Redressal System.

---

Disconnecting Your Bank Account

You can disconnect at any time. Three methods:

Method 1: MyFam360 Settings (Easiest)

Settings → Bank Account → Disconnect

MyFam360 sends a revocation request to the AA. Within seconds, MyFam360’s access is terminated.

Method 2: AA Customer Portal

Log in to the Account Aggregator’s app/portal → Revoke MyFam360 access.

This also immediately terminates MyFam360’s access.

Method 3: Direct Bank Request

Contact your bank and inform them you’ve revoked MyFam360’s access through your account settings. (This is redundant if you’ve used methods 1 or 2, but you can do it for extra assurance.)

What Happens After Disconnection

• ✅ No new transactions are synced to MyFam360
• ✅ Past transactions remain visible in MyFam360 (they’re now local copies)
• ✅ You can manually add transactions if desired
• ✅ Your bank account remains fully secure

---

Common Concerns (Addressed)

“What if the AA gets hacked?”

The AA (Setu or others) is a regulated financial service with dedicated security teams and insurance. A breach would be public and highly regulated. Your bank account remains protected because credentials are never shared.

”How do I know the AA won’t sell my data?”

RBI regulations strictly prohibit AAs from selling or misusing data. They can only use it for the purposes you consented to. Violations result in license suspension or revocation. It’s not optional compliance — it’s structurally enforced.

”What about auto-renewals?”

When your AA consent expires (default: 12 months), you’ll receive a notification. You must explicitly re-approve continued access. It doesn’t auto-renew.

”Can MyFam360 access my credit card if it’s linked to the same bank?”

No. The AA can only access accounts you explicitly connect. If you don’t connect your credit card, MyFam360 never sees it.

”Does the AA work with all Indian banks?”

Yes. All major Indian banks (ICICI, HDFC, Axis, SBI, Kotak, Federal, IndusInd, Yes Bank, etc.) are part of the RBI AA network. If you have an account at an Indian bank, your AA can connect it.

---

The Broader Context: Open Banking in India

Connecting your bank account to MyFam360 via an AA is part of a larger trend called Open Banking.

Open Banking means:

• You own your financial data
• You can choose to share it with apps you trust
• Sharing is secure and auditable
• You can withdraw sharing at any time

This is transformative for personal finance in India. It means:

1. Better apps — Finance apps can now work with real transaction data instead of asking you to manually enter every transaction
2. Lower friction — Connecting your bank takes 30 seconds instead of weeks of manual data entry
3. More competition — With APIs standardized by RBI, new finance apps can launch faster and compete on features, not just bank relationships
4. Better recommendations — Apps like MyFam360 can give smarter budgeting suggestions because they see your actual spending patterns

---

What MyFam360 Does With This Data

Once MyFam360 receives your transaction data via the AA, we:

1. Categorize — Automatically tag transactions (Food, Transport, Utilities) using merchant names
2. Analyze — Calculate your spending patterns, savings rate, budget adherence
3. Report — Show you visual reports and insights about your money
4. Secure — Encrypt sensitive fields (amounts, account identifiers) at rest

We do NOT:

• Sell or share your data with advertisers
• Use it to train advertising models
• Share it with marketers or brokers
• Use it to make credit decisions about you
• Retain it longer than necessary

Your financial data exists in MyFam360 to serve your financial goals, not ours.

---

Next Steps: If You Decide to Connect

1. Open MyFam360 Settings → Bank Account
2. Click “Connect Bank”
3. You’ll be redirected to the Account Aggregator (Setu)
4. Log in with your bank credentials (on Setu’s secure portal, not MyFam360’s)
5. Approve MyFam360’s data request
6. Return to MyFam360 — transactions are now syncing

The whole process takes 2–3 minutes.

---

See Also

• Your Data Rights Under India’s DPDP Act — legal framework and your rights
• How AI Features Work Without Seeing Your Personal Data — privacy-first feature design
• Your Financial Data Is Encrypted at Rest — how we protect synced data
• RBI Account Aggregator Framework — official RBI guidance (external link)
• Privacy Policy (link in app footer) — complete details on data handling