It doesn't matter if it violates your bank's terms of service, it's not an enforceable term. For example, banks cannot refuse to pay out if you were a victim of fraud because you gave your credentials to an aggregator (regardless of whether or not the fraud was related). The EFTA has anti-waiver provisions that state a bank's Reg E obligation to make customers whole after unauthorized transactions cannot be waived by contract.
