Behind the PCB Digital login sits an FDIC-insured community bank — Pendleton Community Bank, Inc., which has banked West Virginia and Virginia from Franklin, WV since 1925 (per its company history and FDIC BankFind entry, cert #6176). The app itself is the customer's window onto a stack of per-member records: account balances, posted and pending activity, monthly statements, internal transfers, mobile check deposits, and debit-card state. PCB Digital ships on iOS and Android under the package bank.yourbank.grip (per its Play and App Store listings), one of a wider "grip" family of look-alike community-bank apps. That shared shell is good news for an integrator: the surfaces are consistent, and a client written for one tenant carries over with the institution key swapped.
If you need that data inside your own systems — a treasury view, a lending pull, a bookkeeping sync — the practical question is which authorized route reaches it and what the client code looks like. This page maps both, written from the angle we lead with: a runnable language client you can drop into a Python or Node service, not a binder of paper.
Member data the app puts behind the login
Each row below is a surface the app's own feature list describes, mapped to where it originates and what an integrator would do with it once a member has authorized access.
| Data domain | Where it surfaces in PCB Digital | Granularity | What an integrator does with it |
|---|---|---|---|
| Account balances & low-balance alerts | Dashboard and the user-set balance alert | Per account, near real time | Fire downstream events when a threshold trips; keep a treasury view current |
| Transactions (bill pay + person-to-person) | Payments and activity history | Per posting, dated, signed amount | Categorize, reconcile, feed a ledger or spend tracker |
| Internal transfers | Transfer between own accounts | Per transfer, with status | Cash-flow sync across the member's accounts |
| Monthly statements | View and save statements | Monthly document, archived | Parse to a normalized ledger; retain the original for audit |
| Mobile check deposit (RDC) | Deposit by photographing front and back | Per deposit item, with images and status | Track accept / hold / reject without assuming instant settlement |
| Debit-card on/off control | Turn card off if misplaced | Per card state flag | Wire card lifecycle into fraud or expense workflows |
| Branch & ATM locator | Find nearby locations | Static geo list | Low integration value; noted for completeness, not a sync target |
Routes that fit a grip-platform bank
Three authorized paths reach this data; which carries the load depends on what you actually need and how durable it has to be.
Consumer-permissioned interface integration
Working from the authenticated traffic of the grip app under the member's authorization, this route reaches everything in the table — including the app-only surfaces an aggregator rarely carries, like RDC status and the card on/off flag. Effort is moderate; durability tracks the app's release cadence, so we version the client against the grip shell and re-confirm field names when the app updates. Access is arranged with you during onboarding, running against a consenting Pendleton login.
Aggregator-rail, consumer-permissioned access
Where Pendleton is reachable through a US aggregator — the Akoya, Finicity, MX, Plaid and Yodlee connections that the wider grip ecosystem already touches — balances, transactions and identity come back read-only through maintained connections. Lower effort, higher durability for those specific fields, but a narrower surface than the app shell. Good as a backbone, not a complete answer.
Native statement export
The monthly statements the app already lets a member save are a clean fallback and a backfill source: stable, document-shaped, and useful for reconciling the live pulls. Slow on its own, dependable as a cross-check.
For most builds the interface route is the spine — it is the only one that reaches card controls, deposit status and transfer history — with the aggregator rail running underneath as the durable balances-and-transactions backbone, and statements parsed in to reconcile the two. We'll say plainly which mix fits once we see what you're pulling toward.
What lands in your repo
The deliverable is code you can run, with the documentation around it — not a spec you then have to implement.
- A runnable Python and Node.js client for the mapped surfaces: login and device-token refresh, balances, transactions with cursor-based delta sync, statement retrieval, transfer reads, debit-card state, and RDC status.
- A poller / webhook layer around the balance-alert surface, so a low-balance event can push into your own systems instead of being checked by hand.
- An automated test suite built on recorded fixtures from the consenting login — contract tests that pin the field shapes the client depends on.
- A sync design covering the bulk statement backfill and the scheduled delta pull, with the cursor and retention model written down.
- An OpenAPI/Swagger description of the mapped surface, a protocol and auth-flow report covering the token and session chain, interface documentation, and data-retention guidance — the reference material that sits behind the code.
A statement-and-transaction pull, end to end
The snippet below is illustrative — endpoint paths and field names are confirmed per institution against a consenting PCB Digital login during the build, not guessed from outside. It shows the shape we hand over: an institution-scoped session, a token exchange that mirrors the app's 4-digit passcode or biometric, and a cursor pull so each run only fetches new activity.
# pcb_grip client — illustrative; field names verified during the build
from pcb_grip import GripSession
s = GripSession(institution="pendleton-community-bank") # tenant key for the grip shell
s.authenticate(passcode_token=tok, device_id=device) # device-bound sign-in
# delta sync: ask only for activity after the cursor we stored last run
page = s.transactions(account_id=acct, since_cursor=cursor, limit=200)
for txn in page.items:
ledger.upsert(
external_id = txn.id, # stable per posting
posted = txn.posted_at,
amount = txn.amount_minor, # signed minor units
memo = txn.description,
status = txn.status, # "posted" | "pending"
)
cursor = page.next_cursor
# monthly statements: backfill + reconcile against the running ledger
for stmt in s.statements(account_id=acct, since="2026-01"):
archive.put(stmt.document) # keep the original artifact
reconcile(ledger, stmt.parsed_lines)
if page.session_expired:
s.refresh() # re-bind the device token within its window
Normalized shape we map onto
Whatever the raw responses look like per tenant, the client normalizes to a small, stable schema so your code never depends on the grip shell's internal naming:
// account
{ "institution": "pendleton-community-bank", "account_id": "…",
"type": "checking", "currency": "USD",
"balance": { "available_minor": 0, "ledger_minor": 0, "as_of": "…" } }
// transaction
{ "account_id": "…", "id": "…", "posted_at": "…",
"amount_minor": -2599, "status": "posted",
"description": "…", "category_hint": null }
Consent and the US data-rights picture
Pendleton Community Bank is an FDIC-insured, state-chartered community bank, and that frames how the data is reached: under the accountholder's own permission, logged, scoped to what the use case needs, and revocable. We keep consent records, minimize the fields pulled to the ones the integration actually uses, and work under an NDA where the engagement calls for it.
The federal rule that would have compelled standardized access — the CFPB's Section 1033 Personal Financial Data Rights rule — is not something to build against today. A federal court has enjoined its enforcement and the Bureau reopened it for reconsideration (per the CFPB's reconsideration docket), so for a bank this size the durable footing is the member's authorization, not a mandate. Where §1033 lands after rulemaking may change the picture later; it is the forward-looking piece, not current law, and we treat it that way.
Engineering notes specific to this build
Two things about PCB Digital shape the work, and we handle both rather than hand them to you as conditions.
- The shared grip shell is multi-tenant. Because Pendleton runs the same app as a dozen other community banks, the client is built around an institution key and we confirm Pendleton's field set against its own login during the build — so the integration targets this bank's backend and never assumes another tenant's response shape.
- Mobile check deposit is asynchronous. A deposit returns image artifacts and a status that changes over time, so we model it as a state machine — submitted, accepted, held, rejected — and poll for status rather than treating a submission as settled funds.
- The sign-in is device-bound. The 4-digit passcode or biometric fronts a device-scoped token; the client refreshes that token inside its window and re-binds the device cleanly. Access for the build is arranged with you during onboarding, against a consenting account or a sponsor sandbox.
Screens from the store listing
The app's published screenshots, useful for orienting an integration to the real navigation and field labels. Click to enlarge.
Other apps on the same community-bank shell
The grip platform powers a run of US community-bank apps with the same surfaces, which is why a single integration approach generalizes across them. Each name below is a real same-category app; the relationship is an ecosystem one, not a ranking.
- United Bank Digital — regional-bank app on the grip shell; balances, transfers and bill pay behind a member login.
- O2 Digital Banking — Old Second National Bank's app; checking, transfers and mobile deposit data per accountholder.
- The Community Bank Digital — grip-platform app with balance alerts, payments and statement access.
- Our Community Bank — Community Bank of Marshall's digital banking app; the same per-member ledger surfaces.
- TX Community Bank — Texas community-bank app; payments, transfers and biometric-secured deposit.
- CCBGAontheGO — Citizens Community Bank (GA) app that also aggregates outside accounts.
- CFG Bank — grip-shell mobile banking with alerts, transfers and mobile check deposit.
- CBNA Mobile Banking — community-bank app exposing balances, activity and statements.
- Commercial Bank App — small-bank digital banking with the same payment and deposit surfaces.
- Peoples Bank Digital — Coldwater-area community bank on the grip platform; standard account-management data.
Questions integrators ask about PCB Digital
We already see Pendleton balances through an aggregator. What does a direct grip-app integration add?
Aggregator rails give you balances, transactions and identity, read-only, with maintained connections — a good backbone where coverage exists. The app shell carries surfaces an aggregator usually won't: mobile check-deposit status, debit-card on/off state, internal transfer history and the saved monthly statements. A direct grip-app client reaches those, and we'll run both side by side when that fits.
How does the client keep transaction sync from dropping postings?
Each pull stores a cursor, so the next run asks only for activity after the last row it saw, and pending items are re-checked until they post. We reconcile that running ledger against the monthly statement so a missed or re-ordered posting shows up when the statement is parsed rather than going unnoticed.
Can you cover the check-deposit and debit-card-control surfaces, or only balances and transactions?
Those app-only surfaces are in scope. Mobile check deposit is modeled as a state machine — submitted, accepted, held or rejected — with status polled rather than assumed, and the debit-card on/off control is read and exercised through the same authenticated session. We confirm the exact fields against a consenting Pendleton login during the build.
Does the CFPB's Section 1033 rule make a custom integration pointless?
Not today. A federal court has enjoined enforcement of the Personal Financial Data Rights rule and the Bureau has reopened it for reconsideration, so there is no standardized mandate to build against right now. The dependable footing for a PCB Digital integration is the accountholder's own authorization, which is how we scope every engagement.
How to start, and what it costs
A first PCB Digital client — login, balances, a cursor-based transaction pull and statement parsing — lands inside one to two weeks. From there it is your call how we settle it. You can take the source-code delivery: runnable client code plus the docs and tests, from $300, paid only after delivery once you are satisfied with what runs. Or skip the build entirely and call our hosted endpoints, paying per call with nothing upfront. Either way you give us two things — the app name and what you want out of its data — and the access, consent and compliance pieces are arranged with you as part of the work. Tell us what you're pulling toward at openfinance-lab.com/contact.
Sources and review
Compiled from the app's own store listings, the bank's public record, and the current US data-rights docket, checked June 2026. Primary sources opened for this write-up:
- PCB Digital on Google Play (feature list, package id)
- PCB Digital on the App Store (iOS listing)
- FDIC BankFind — Pendleton Community Bank, Inc. (charter, insurance)
- CFPB — Personal Financial Data Rights Reconsideration (Section 1033 status)
Engineering notes by OpenFinance Lab, compiled 2026-06-08.
App profile: PCB Digital
PCB Digital is the customer banking app of Pendleton Community Bank, Inc., a community bank headquartered at 128 North Main Street, Franklin, WV, serving West Virginia and Virginia since 1925 (per company history and FDIC BankFind, cert #6176). It runs on iOS (app id 6463756553) and Android (bank.yourbank.grip) on the shared "grip" white-label banking platform. Published features include balance alerts, bill pay and person-to-person payments, transfers between accounts, mobile check deposit by photographing the front and back of a check, debit-card on/off control, viewing and saving monthly statements, and a branch and ATM locator. Sign-in is secured with a 4-digit passcode or device biometric. Marks belong to their owners; the figures here are attributed to the listings and records cited above and not independently audited.