July 22, 2019

Is Personal Capital Safe

This article contains references to products from our partners. We may receive compensation if you apply or shop through links in our content. You help support CreditDonkey by reading our website and using our links. (read more)

Personal Capital offers free budgeting tools. But is it safe to link all your financial accounts? Learn just how secure Personal Capital is.

What Is Personal Capital?

Personal Capital is a convenient, all-in-one personal finance toolkit. You can link all your accounts (bank accounts, credit cards, loans, and investments) for a complete snapshot of your finances, including:

  • Transactions
  • Account balances
  • Portfolio performance

But are there risks in keeping all of your financial info in one place? Read on.

Check out our in-depth review of Personal Capital to see if it's right for you.

Security Concerns

Security is a huge concern in face of the massive data breaches in recent years. Is it really safe to link all your financial accounts, supply passwords, and store the info in the cloud?

There are two main security concerns:

  • Data Transmission: How safe is it when you enter bank account information, passwords, etc.?

  • Data Storage: How does Personal Capital protect and store your data? Can employees and hackers see your credentials?

    Let's take a look at Personal Capital's security and answer these questions.

    Did you know? Personal Capital's CEO is Bill Harris, also the former CEO of PayPal and Intuit. He co-founded PassMark Security, the authentication process used by most of the major U.S. banks.

    How Personal Capital Encrypts Your Data

    Personal Capital uses very strong encryption to hide your data. This includes:

    • Multi-layer key management, including rotating user-specific keys and salts

    • TLS v1.2 protocol to establish a secure channel when sending information

    • ECDHE key exchange for Perfect Forward Secrecy

    • 256-bit AES encryption, which is basically military-grade encryption used by the U.S. government

    What is 256-bit Encryption?
    256-bit refers to the key length. In this case, it means the key has 2256 different possible combinations. It'll pretty much take millions of years to crack.

    All that probably means nothing to you, so let's put it very, (very) simply:

    Every time you log in and transmit information, Personal Capital encrypts (or hides) your data by using a coded cipher. Basically, it scrambles your data so snoopers can't read it.

    The data is sent over a secure encrypted channel to their servers. The encrypted message can only be solved by a shared secret key between your device and their server. A new unique key is generated every time you communicate information with Personal Capital. The key is never stored or reused. This way, past sessions can never be decrypted.

    Your data is encrypted both when being transmitted and when stored. No one has access to your credentials.

    Personal Capital's website encryption gets an A+ rating by Qualys SSL Labs. This is a stronger rating than most major banks or brokerages.

    Other Security Measures

    Other security measures include:

    • Secure Servers
      Personal Capital's data centers are protected with numerous perimeter security and firewalls. The data centers operate under stringent financial and international security standards.

    • Secure Data Storage
      Your credentials are stored with Yodlee, not in Personal Capital's database. That means that no one, including a hacker, can access your login data from the Personal Capital interface. This provides an added layer of security (more on this later).

    • Strict Internal Access Controls
      No one at Personal Capital has access to your credentials.

    • 2-factor Authentication
      This requires you to authorize each new device to make sure it's really you.

    • Extra Mobile Protection
      Get extra log-in protection on the mobile app via Touch ID (on iPhone) or PINS (on iOS and Android).

    • Regular Third-Party Security Audits
      This includes a year-round private bug bounty program with Bugcrowd. Personal Capital also uses Verisign and other security solutions to protect the site.

    Personal Capital uses essentially unbreakable military-grade encryption for your data storage and connections. It has a lot of other security measures in place to ensure that your data stays safe and that a hacker can't access your account.

    What Happens if Personal Capital Gets Hacked?

    Even if Personal Capital's data center gets hacked, or if someone gets into your account, your information would still remain secure. Personal Capital's platform is read-only - no one has access to your accounts except you. No one can perform any actions on Personal Capital, such as moving money out of an account. Not even you.

    So if a hacker somehow breaks into your account, they would only be able to read your financial information. They wouldn't be able to withdraw, transfer, or spend your funds. Your money still stays in your various financial accounts.

    A hacker also would not be able to get the usernames and passwords to your accounts. Personal Capital never sends credentials to your browser. Your login information will never be exposed.

    Your money is NOT at risk when you link accounts to Personal Capital, since the app has no access to it. It provides a read-only report of your accounts.

    Does Personal Capital Store Information?

    Personal Capital does NOT store your bank and brokerage credentials in their own database. Instead, they're stored at Yodlee, a leading provider in the financial data aggregation business.

    Yodlee is the one that accesses your accounts, stores your credentials, and provides your data to Personal Capital. Personal Capital merely displays the information for you.

    So the real question is: how safe is Yodlee?

    Yodlee has bank-level security and is supervised and audited by the federal government. It adheres to strict security and risk management standards. This includes:

    • 256-bit AES encryption

    • Multiple layers of firewalls

    • All client credentials are encrypted both when entered and when stored

    • No human access to databases

    • Multiple layers of intrusion detection systems running 24/7

    • Frequent security audits by financial institutions (nearly 200 audits in the past 24 months)

    Hundreds of banks trust Yodlee to provide financial technology services. Chances are, you're already using Yodlee and don't even know it. Yodlee has no security breaches to date.

    So Is Personal Capital Safe?

    Personal Capital is safe to use to track your bank and credit cards, net worth, and investments. It uses military-grade 256-bit AES encryption to keep your credentials safe. Your money is not at risk when you link your accounts, as Personal Capital is read-only and no one can move your funds.

    While nothing you do online is 100% safe, Personal Capital has put all the necessary protections in place to protect your data.

    You could argue that using Personal Capital to view your finances is safer than logging in directly to your various banks from your browser. Here's why:

    • Your laptop is less secure than a data center. It only takes accidentally downloading a malware to compromise your computer.

    • You risk exposure every time you log into your bank account. With Personal Capital, you don't enter your bank credentials each time, so they're not transmitted.

    • Personal Capital has the ability to maintain state-of-the-art security measures more than you do.

    • Personal Capital is read-only. You can't actually perform any actions. So a hacker wouldn't be able to move money out of your accounts.

    Personal Capital's strict security measures makes it safer to view your financial information than if you were to log in directly to your bank or brokerage websites.

    Bottom Line

    Nothing is 100% safe, but Personal Capital has taken exhaustive steps to prevent your data from being stolen. It uses the strongest encryption available and the highest security measures.

    Keeping all your accounts in one place is actually safer, since you don't have to keep entering your login info on each separate banking or investment website. In the event that your information is compromised, there is no risk of losing money.

  • Note: This website is made possible through financial relationships with some of the products and services mentioned on this site. We may receive compensation if you shop through links in our content. You do not have to use our links, but you help support CreditDonkey if you do.

    More from CreditDonkey:

    Personal Capital Review

    Personal Capital vs Quicken

    Personal Capital vs Mint


    Leave a comment about Is Personal Capital Safe?
    Email (won't be published)

    About CreditDonkey®
    CreditDonkey is a stock broker comparison website. We publish data-driven analysis to help you save money & make savvy decisions.

    Editorial Note: Any opinions, analyses, reviews or recommendations expressed on this page are those of the author's alone, and have not been reviewed, approved or otherwise endorsed by any card issuer.

    †Advertiser Disclosure: Many of the offers that appear on this site are from companies from which CreditDonkey receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear). CreditDonkey does not include all companies or all offers that may be available in the marketplace.

    *See the card issuer's online application for details about terms and conditions. Reasonable efforts are made to maintain accurate information. However, all information is presented without warranty. When you click on the "Apply Now" button you can review the terms and conditions on the card issuer's website.

    CreditDonkey does not know your individual circumstances and provides information for general educational purposes only. CreditDonkey is not a substitute for, and should not be used as, professional legal, credit or financial advice. You should consult your own professional advisors for such advice.

    About Us | Reviews | Deals | Tips | Privacy | Terms | Contact Us
    © 2020 CreditDonkey