Safe and Secure
Our highest priority is keeping your financial data safe and secure. We use multiple layers of security, in every component of our systems, to keep your accounts and your money safe, and your information private.
To report a security vulnerability or issue, please contact us.
Safe and Secure
Our highest priority is keeping your financial data safe and secure. We use multiple layers of security, in every component of our systems, to keep your accounts and your money safe, and your information private.
To report a security vulnerability or issue, please contact us.
Protecting Your Data
All sensitive information is protected at rest and in transit
Data is encrypted with AES-256 with multi-layer key management, including rotating user-specific keys and salts.
Strict internal access controls - no individual at Personal Capital has access to your credentials.
Strong Encryption
Our website's encryption is rated A by the world-renowned Qualys SSL Labs, a stronger rating than most major banks or brokerages. We stay on top of security vulnerabilities and keep up-to-date with best practices, such as:
Our servers prefer TLS 1.2, and also support TLS 1.1 and TLS 1.0
We don't allow SSLv3, RC4, or other insecure protocols or ciphers
We use ECDHE key exchange for Perfect Forward Secrecy
Fraud Detection Using Personal Capital
After linking your accounts to Personal Capital, you can use our Transactions page to look at all transactions across all accounts.
Our opt-in Daily Transaction Monitor email sends a daily list of new transactions, making it easy and fast to check for suspicious activity in your accounts.
Robust Authentication
Maintain your security. Protecting your username and password are just the start.
You must first authenticate each device that accesses your account. Before you can access your account on any new device, you'll receive an automated phone call, email, or SMS asking to confirm your identity.
Extra mobile protection on iPhone with Touch ID authentication, and mobile-only PINs on iOS and Android.
Partnering With The Industry Leader To Keep Your Credentials Safe
Benefit from our partnership with Yodlee, a financial technology industry veteran, to facilitate aggregation of your accounts. With over a decade of experience connecting with financial institutions, Yodlee provides an added layer of safety between your data and anyone who would want to access your account information. Your bank and brokerage credentials are only stored at Yodlee, not in Personal Capital's database.
Your credentials are safer in Yodlee's data center than they are in your browser!
Don't Just Take
Our Word For It
Be confident, we perform regular 3rd party security audits and test to verify whether the integrity of our systems:
WhiteHat Security performs around-the-clock security testing on our site
Our iOS apps have passed the rigorous AppSecure certification process by NowSecure
Personal Capital operates under SEC (Securities and Exchange Commission) jurisdiction and is audited for compliance with SEC cybersecurity regulations
We also use Verisign and other state-of-the-art security solutions and practices to protect our site
Internet Security Pioneers
Rest assured, when it comes to online security, there's not much we haven't seen. The entire staff at Personal Capital understands the challenges of Internet security - as well as the crucial importance of keeping you safe. Personal Capital's CEO, Bill Harris, previously co-founded PassMark Security, the company that designed the online authentication system that is now used by most of the major banks in this country.
No One Can
Touch Your Money
In the event that your Personal Capital account is ever compromised, our application design ensures that you are still safe.
You can't move your money in, out, or between any accounts you link to our dashboard. Neither can anyone else.
We never send you credentials to your browser. After linking your accounts, your credentials are stored at Yodlee and are only ever sent directly to your financial institution.
