How Safe is the Personal Capital Website?
Do you have a Personal Capital account or are you considering using their free money and investing tools?
Have you been asking yourself is Personal Capital safe to use?
Some may brush your cybersecurity concerns away and tell you to focus on the splendid benefits this platforms offers. Not me.
When I first heard about Personal Capital, I was dazzled by how using it would make managing my money much easier, but I worried about whether Personal Capital is safe to link accounts to.
In fact, I belong to a generation that went to the bank when we wanted to open an account and wrote a check when we didn’t want to use hard cold cash.
- How Safe is the Personal Capital Website?
- Is Personal Capital Safe to use?
- 1. Is my data safe with Personal Capital?
- 2. Is the connection to Personal Capital safe?
- 3. How easy is it to breach the Personal Capital website?
- 4. How does Personal Capital protect me against fraud?
- 5. Can hackers steal my money if my Personal Capital Account is compromised?
- 6. Can Yodlee security be breached, and what happens next?
- What can you do to reduce the risk of my Personal Capital account being compromised?
- The verdict: how safe is Personal Capital website?
Asking myself whether Personal Capital safe to use was more about the regular and disturbing reports of cybersecurity attacks. For instance, only in August 2019 over 114 million records, from small businesses to British Airways e-ticketing, were breached. What I find even more disturbing is that in cybersecurity, this counts as a ‘quiet month’.
You and I are right to question if Personal Capital is a safe site to use – after all, we don’t want to risk our nest egg.
So I set out to conduct a comprehensive Personal Capital security review. My conclusion is that Personal Capital is safe to use. It has cybersecurity provisions that are as safe, often safer, than those of many banks.
Hopefully, this security review will help answer your questions regarding the safety of the Personal Capital site and decide if it is safe to use for yourself.
This Personal Capital security review includes a small bonus for you. Because your safety online is a combination of the safety of the platforms and the measures people take to make it harder for hackers, we have included a list of cybersecurity rules you must observe.
Is Personal Capital Safe to use?
Personal Capital is a wealth management powerhouse that brings all your financial accounts together, offers an overview of your net worth, and provides ideas about how to allocate your money and investments for the best long-term outcomes.
It is a robust financial and wealth management tool. To use it to advantage, you must provide information about and the credentials for your financial accounts.
And here is the problem: you are entirely justified to ask if Personal Capital is safe to use given the nature of information you are asked to provide.
Below, I have framed the key internet security concerns regarding Personal Capital as six questions.
1. Is my data safe with Personal Capital?
There are two things you must understand before we go any further.
First, the matter of data security is key when deciding how safe is Personal Capital because the information you provide includes details of your financial accounts and the credentials to access them. Now, this is serious stuff!
Second, you must understand how the Personal Capital security system is organized and where the passwords and other credentials for your accounts are stored.
Let’s talk about how Personal Capital deals with data first.
Personal Capital uses very strong encryption. I could talk here about military-grade AES-256 and multi-layered key management. Since this makes little sense to me, I won’t. It suffices that the Personal Capital website’s encryption is rated A+ by the Qualys SSL Labs (a stronger rating than most major banks and brokerages).
Personal Capital also operates very strict internal access controls; e.g., no one at the company has access to your credentials. In other words, no one at Personal Capital can access your passwords.
Now, let’s turn to the question about the storage of your account passwords and credentials.
Bonus: Best Robo Advisor Guide
Does Personal Capital store your passwords?
We all know that there is no such thing as a 100% secure website. For that matter, there is no such thing as a 100% secure house alarm – when professionals get to work, security systems fall.
What is the way to increase the level of cybersecurity (and, respectively, make your data safer)?
You not only encrypt data; you keep it in different places.
Here it means that your passwords and credentials are not kept in the Personal Capital databases at all; they are on Yodlee, a third-party data aggregation service. And Yodlee is reputedly the biggest and most respected name in the data aggregation industry. Here is how it works:
- You give your credentials to Yodlee;
- Yodlee sends only data to Personal Capital and interacts with banks; and
- You interact with Personal Capital.
I’d say, given the level of encryption and the fact that Personal Capital doesn’t store your credentials, your data is safe.
Sign up for the best deal in investment and financial management tracking including retirement planning calculator from the well regarded Peresonal Capital. The price for these valuable tools is free.
2. Is the connection to Personal Capital safe?
We already know that your data is safe with Personal Capital when already there.
Here the question is whether your data is safe on the way there and what is the probability of someone peeping in transit.
Personal Capital uses technology that encrypts all your interactions with them, and deciphering the communication between you and their servers is not a trivial task. Again, the company uses very secure protocols. (Remember the A+ security rating, I mentioned above? It applies here as well.)
Furthermore, Personal Capital requires two-stage authentication. If you log in from a new device, they will ask you to confirm that this is you via phone or e-mail.
3. How easy is it to breach the Personal Capital website?
Difficult. (This is a guess, and I’m far from being a seasoned hacker, but it is an educated guess nevertheless.)
Still, there have been several high profile data breaches, including the credit card data breach at Capital One.
So, is it easy to breach the Personal Capital website?
No, it is hard.
Is it possible?
Yes, it is. However, the probability of this happening is small.
4. How does Personal Capital protect me against fraud?
Now that I’ve answered your concerns regarding the safety of your financial data and the website let’s turn to the matter of fraud.
Money crime has changed. Until recently, it was about people snatching your cash; today, a lot of it is about people fraudulently using your bank accounts and credit cards to shop for…well, anything.
Personal Capital can help you detect fraudulent spending on your linked accounts. There are two ways to do that:
- You can use the Personal Capital transactions page to check the activity on all your linked accounts; and
- You can opt-in the Daily Transaction Monitor and receive by e-mail a daily list of new transactions on all your linked accounts.
5. Can hackers steal my money if my Personal Capital Account is compromised?
Let’s assume the worst: there has been a breach of your Personal Capital account. Question is if the hackers can steal all your money?
No, they can’t, and there are two reasons for that:
One, the Personal Capital application is designed to make it impossible to move money in, out, or between accounts from the dashboard. You can’t do it, and the hackers can’t do it either.
And two, your credentials are never sent to your browser. They are stored at Yodlee, remember?
In brief, even if your Personal Capital account is compromised, and this is a big if, your money is safe.
6. Can Yodlee security be breached, and what happens next?
Yodlee maintains bank-level security, meaning they use military-grade encryption (256-bit), guarded facilities, no human access to unencrypted data and random security audits. Furthermore, Yodlee accepts banking industry regulatory oversight; this includes regular inspections by the authorities and specific regulation.
According to Brian Costello, Vice President, Data Strategy & Strategic Solutions at Envestnet/Yodlee:
“Envestnet Yodlee’s security controls are indeed ‘bank-grade’ and are regularly assessed by regulators, industry-standard bodies, and our financial institution clients. Additionally, a key control for us is the encryption of consumers’ credentials. Credentials are encrypted when at rest, when in motion and usually both.”
Still, bad things could happen, right? What if someone hacks Yodlee security?
Experts agree that given the number of wealth management platforms using Yodlee, while the probability of a hack is small its consequences would be very serious.
It is not as clear whether you are due compensation if funds are stolen from your bank account as a result of a security breach at Yodlee.
I want to remind you now that the probability of Yodlee security hack is very small.
What can you do to reduce the risk of my Personal Capital account being compromised?
Here are seven tips to stay safe online, including when using Personal Capital or another online platform.
1. Use strong passwords
2. Never use the same password on different accounts
3. Install the latest updates
4. Use two-factor authentication where possible
5. Use a password manager
6. Secure phones and tablets with a screen lock
7. Back up your data.
The verdict: how safe is Personal Capital website?
When I started this security review, my mind was heavy with the question is Personal Capital safe to use.
My research convinced me that Personal Capital is a company that tackles issues around cybersecurity with competence, care, and continuous improvement. They use the latest encryption technology, have robust access protocols and don’t allow your bank accounts credentials anywhere near a web browser.
Using Personal Capital is safe enough and safer than many websites we use daily.
What I’ve also learned is that my money is safe even if my Personal Capital account gets breached. Hackers can see how much money I have and where it is stored, but they can’t move it around or get to my passwords and credentials.
This is safe enough for me. How about you?
Disclosure: Please note that this article may contain affiliate links which means that – at zero cost to you – I might earn a commission if you sign up or buy through the affiliate link. That said, I never recommend anything I don’t believe is valuable.
Updated; March 17, 2020