Safe and Secure Financial Software
Safe and Secure
Our highest priority is keeping your financial data safe and secure. We use multiple layers of security, in every component of our systems, to keep your accounts and your money safe, and your information private.
To report a security vulnerability or issue, please contact us.
Protecting Your Data
All sensitive information is protected at rest and in transit
Data is encrypted with AES-256 with multi-layer key management, including rotating user-specific keys and salts.
Strict internal access controls - no individual at Personal Capital has access to your credentials.
Strong Encryption
Our website's encryption is rated A+ by the world-renowned Qualys SSL Labs, a stronger rating than most major banks or brokerages. We stay on top of security vulnerabilities and keep up-to-date with best practices, such as:
Our servers require clients use the most secure TLS v1.2 protocol, older TLS and SSL insecure versions are not allowed
We utilize a highly trusted Extended Validation certificate, Certificate Transparency, OCSP stapling and Strict Transport Security (HSTS) technology
We also use ECDHE key exchange to allow for Perfect Forward Secrecy (PFS) of your communications with us
Fraud Detection Using Personal Capital
After linking your accounts to Personal Capital, you can use our Transactions page to look at all transactions across all accounts.
Our opt-in Daily Transaction Monitor email sends a daily list of new transactions, making it easy and fast to check for suspicious activity in your accounts.
Robust Authentication
Maintain your security. Protecting your username and password are just the start.
You must first authenticate each device that accesses your account. Before you can access your account on any new device, you'll receive an automated phone call, email, or SMS asking to confirm your identity.
Extra mobile protection on iPhone with Touch ID authentication, and mobile-only PINs on iOS and Android.
Partnering With The Industry Leader To Keep Your Credentials Safe
Benefit from our partnership with Yodlee, a financial technology industry veteran, to facilitate aggregation of your accounts. With over a decade of experience connecting with financial institutions, Yodlee provides an added layer of safety between your data and anyone who would want to access your account information. Your bank and brokerage credentials are only stored at Yodlee, not in Personal Capital's database.
Your credentials are safer in Yodlee's data center than they are in your browser!
Don't Just Take
Our Word For It
Be confident, we perform regular 3rd party security audits to test and verify the integrity of our systems:
We operate a year-round private bug bounty program with leading partner Bugcrowd. Security researchers are always looking for ways to improve our security
We also use Verisign and other state-of-the-art security solutions and practices to protect our site
Internet Security Pioneers
Rest assured, when it comes to online security, there's not much we haven't seen. The entire staff at Personal Capital understands the challenges of Internet security - as well as the crucial importance of keeping you safe. Personal Capital's founder, Bill Harris, previously co-founded PassMark Security, the company that designed the online authentication system that is now used by most of the major banks in this country.
No One Can
Touch Your Money
In the event that your Personal Capital account is ever compromised, our application design ensures that you are still safe.
You can't move your money in, out, or between any accounts you link to our dashboard. Neither can anyone else.
We never send you credentials to your browser. After linking your accounts, your credentials are stored at Yodlee and are only ever sent directly to your financial institution.