When I was considering signing up for Personal Capital to track my finances and net worth in one place, one of my first questions was “Is Personal Capital safe to use?”
Thankfully, my research showed that Personal Capital is generally a safe way to monitor and track both your finances and your net worth.
Others agree. Personal Capital is currently helping over 2,000,000 families plan their financial lives with their free software.
However, Personal Capital isn’t technically 100% safe. But if you really think about it, no online tool, including your own bank account, is 100% safe either.
Personal Capital takes the security of your personal and financial information very seriously. If they didn’t, they would have quickly gone out of business.
Personal Capital offers many tools to make managing your finances easier. To accomplish this goal, they show you a snapshot of your entire financial picture in one place.
In order to display all of your information in one place, they need to gather this information. You must give Personal Capital your username and password for your financial accounts so they can gather your data.
This is where people are usually most wary of using Personal Capital. Thankfully, Personal Capital keeps this information safe using a variety of tools and systems.
Here’s what you need to know about the security Personal Capital uses and the risks you face whenever you use the internet.
Technical Ways Personal Capital Keeps Your Information Safe
Personal Capital uses a lot of technical tools to protect your data and keep it safe.
Secure Passwords And Two-Factor Authentication
First, Personal Capital makes you use a secure password and two-factor authentication in order to log in to your account.
Two-factor authentication requires you to use a special code every time you log into your account from a new device. The code is usually sent to your phone or an email address. This is important because only you have access to it.
This feature makes hacking into your account much harder. A criminal must know both your password and have access to the device to gain access to your account.
Read Only Access With Financial Institutions
Even if a criminal did manage to hack into your account, they couldn’t do anything but look at your finances.
The connections Personal Capital makes with banking and financial institutions are read-only. That means no transactions can be made using the Personal Capital service.
One of the main tools they use is encryption. In fact, the encryption Personal Capital uses is rated stronger than most major banks and brokerages by Qualys SSL Labs.
Technically, they use encryption called AES-256 with multi-layer key management. Additionally, Personal Capital’s servers require their clients to use the most secure TLS v1.2 protocol. They won’t accept less secure versions of TLS or SSL.
They also use other encryption technology including:
- A highly trusted Extended Validation certificate
- Certificate Transparency
- OCSP stapling
- Strict Transport Security (HSTS)
- EDCHE key exchange to allow for Perfect Forward Secrecy (PFS)
Credentials Stored With The Industry Leader
While you type your financial account credentials in to Personal Capital’s website, Personal Capital actually uses another company, Yodlee, to manage your credentials and the connections to your financial accounts.
Yodlee is the industry leader in the financial technology industry when it comes to aggregating data from financial accounts. In fact, Yodlee has more than 1,100 financial institutions, fintech providers and advisors as clients.
Using Yodlee adds extra layers of safety between a criminal that wants to access your accounts and your data. Thanks to the Yodlee and the internal controls at Personal Capital, no individual at Personal Capital has access to your credentials.
Third Party Security Audits
Personal Capital doesn’t only rely on its internal security team to make sure your information is safe.
First, Personal Capital has a year-round private bug bounty program.
This program is with BugCrowd which has security researchers looking for ways to improve Personal Capital’s security. The researchers get rewarded if they find flaws that need to be fixed.
Additionally, they use state-of-the-art security solutions and practices as well as Verisign to protect the Personal Capital website.
Other Ways Using Personal Capital Is Safer Using Multiple Accounts
Personal Capital doesn’t just use technology to keep your information safe.
Limits Chances For Criminals To Steal Information
One way to limit the number of chances criminals have to access your data is by only logging in to one account.
Personal Capital’s financial dashboard offers this solution. With this tool, you don’t have to log in to each of your financial accounts every day to check for fraud.
When you think about safety on the internet, there are many ways people can gain access to your information.
Criminals can send phishing emails to gather your account login information. They can install spyware and keyloggers on your computer to learn your login information. They can hack the companies to try to find your login information, too.
What makes matters worse is the fact people often reuse passwords. If a criminal finds your login information for one website through any of the above methods, they may try it on others to see if it grants them access to your accounts.
These are just a few ways criminals can gain access to your accounts.
By only logging in to Personal Capital on a regular basis, you’re providing fewer opportunities for them to gain access to your information.
If you update your liquid net worth on a spreadsheet, having all of this information in one place can save you a ton of logins.
Get Lists Of Transactions By Email Instead Of Logging In Daily
Personal Capital takes security seriously. They’ve added an awesome feature so you don’t even have to log in to Personal Capital to monitor for fraudulent transactions.
You can opt-in to a daily email that lists all of your transactions across all of your accounts. While a daily email may seem like a bit much, it’s actually a great idea.
I can’t tell you how many times I’ve forgotten about a transaction just a few days after I made it. If I only received weekly emails, I might struggle to identify if a transaction is fraudulent or real.
However, daily emails make it much easier to monitor transactions. I actually remember everything I purchased throughout the day.
A Safety Culture From The Foundation Of The Company
Bill Harris is the founder of Personal Capital and a current member of the board of directors. He has previously worked as CEO at PassMark Security, Intuit and PayPal. Security is paramount in all of these companies.
Personal Capital also has a Chief Information Security Officer, Maxime Rousseau. That’s not all. They have a Chief Technology & Information Officer, Fritz Robbins, as well.
Strategies You Can Use Everywhere To Keep Your Information Safe
It’s good to know that Personal Capital takes securing your information seriously. Don’t stop there. You should take your own security seriously, too.
Here are a few tips to try to keep your information out of the hands of the bad guys.
- Use strong long passwords with capital and lowercase letters, numbers and symbols.
- Don’t reuse passwords. Each account should have a unique password.
- Change passwords to sensitive websites regularly.
- Don’t log in to sensitive accounts on public WiFi. Only use secure home WiFi or cellular data.
- Don’t log in to sensitive accounts on public devices such as library computers.
- Use unique answers to secret questions that aren’t something someone can look up about you.
- Type in the address to websites manually. Don’t follow links in emails to log in to your accounts.
- Don’t save passwords or usernames on phone banking apps.
- Use virus and spyware prevention and detection tools.
Is Personal Capital Safe To Use?
Yes, Personal Capital is generally safe to use. In fact, using Personal Capital could be safer than using some of your other financial accounts.
If you’re still on the fence, here’s a list of the things that make Personal Capital safe to use.
- A secure password is required
- Two-factor authentication required when logging in to a new device
- Read-only access means transactions can only be viewed and no transactions can be generated
- Serious encryption technology
- Credentials aren’t stored at Personal Capital and are instead stored at the industry leader, Yodlee
- Third party security audits are used to identify any potential weaknesses before criminals find them
- You limit logins to other accounts to prevent potential phishing attacks
- You log in less often due to daily transaction list emails that combine transactions from all accounts
If these safety facts don’t put your mind at ease, chances are you shouldn’t be using online banking at all. Yes, that includes online banking with your primary bank, too.
While I personally feel Personal Capital is safe enough for me to use, you have to decide if it’s safe for you based on this information.
If you think you’d like to take advantage of the benefits Personal Capital has to offer, including daily transaction notifications to help you monitor for signs of potential fraud, you can sign up here.
Nothing Is 100% Safe
You must remember nothing is ever 100% safe. You can’t even stay 100% safe by keeping your financial transactions offline.
Even if you kept all of your money in cash in your house, it isn’t safe. A fire could burn it up. A burglar could steal it.
Remember, your banking and financial accounts are technically at risk at the institutions, as well. These institutions use the internet and intranets to do business.
The best thing you can do is be aware of the risks, make smart decisions and monitor your accounts regularly for fraud. Thankfully, Personal Capital makes this easier with its top notch security.
In fact, you could say using Personal Capital makes your finance safer because you can monitor everything in one place and look for signs of fraud without having to log in to multiple accounts.
These are some of the many reasons I trust and use Personal Capital to track my net worth and monitor my finances.
You can open a Personal Capital account here to start monitoring all of your accounts in one place, too.
What questions do you have about Personal Capital and its safety? Did I answer your question “Is Personal Capital safe?” Let me know in the comments.
Lance Cothern, CPA holds a CPA license in Indiana. He’s a personal finance, debt and credit expert that writes professionally for top-tier publications including U.S. News & World Report, Forbes, Investopedia, Credit Karma, Business Insider and more.
Additionally, his expertise has been featured on Yahoo, MSN, USA Today, Reader’s Digest, The Huffington Post, Fast Company, Kiplinger, Reuters, CNBC and more.
Lance is the founder of Money Manifesto. He started writing about money and helping people solve their financial problems in 2012. You can read more about him and find links to his other work and media mentions here.