Is Personal Capital Safe to Use?

Want to jump straight to the best? The best robo advisor for most people is definitely Titan.

We all have so much on the go today, that the one thing we often neglected to do is to get a handle on our personal finances. It requires time and discipline to do, often leading to procrastination. But now, with so many free tools available to us online, there should be no excuses for not taking control of our financial destiny. From expense tracking and budgeting to monitoring your investments and paying your bills. 

Overview: Personal Capital

Best For
High Net Worth Individuals
Best For
  • High-net-worth individuals looking for a comprehensive digital financial manager
  • Retirement planning
  • Self-starters who can use the Personal Capital Financial Tools to track finances and set long-term financial goals

Personal Capital offers a comprehensive set of free online budgeting apps and money-management tools. These tools can help you create a budget, categorize your expenses, and track and analyze your spending using transactions downloaded directly from your financial institutions.  

However, unlike many other similar free income and expense tracking solutions available out there, the company also wraps its free offerings around a set of optional paid-for value-added investment management and financial planning services.  

As a Registered Investment Advisor (RIA), the company’s advisors act as fiduciaries to their clients. What does that mean to you? It means they are legally obligated to ensure that any advice or recommendations they provide you must be in your best interest – and no one else’s.

Once you’ve saved money using their online budgeting and expense tracking tools, you’ll seamlessly be able to take your money management efforts to the next level with the help of Personal Capital’s professional financial planners and investment advisors.  

With over $5 billion in assets under management (AUM), no one can deny that your money is safe with Personal Capital. The question is, however: Are their online tools secure?

Read Benzinga’s full Personal Capital Review

Assessing Personal Capital’s Security

Saving money is easier with the help of software that’s specially designed to help you do just that. But as you put more and more of your financial life into these tools, you’ll be right to worry about the security of that data. The number of high-profile hacking incidents, and the many instances of breaches of personal data, rightfully gives users of online services pause for concern.  

The company has built its platform with security at its core. If you are looking for an online budgeting and personal finance management solution, and security is the only thing holding you back, then you’ll find everything you need at Personal Capital.

Obviously, as with any other financial software, users must exercise their own diligence when it comes to protecting their data online. But by implementing a robust set of security protocols, users of Personal Capital tools have an added level of peace of mind when it comes to protection of their sensitive data.

To use this set of online money management tools, users must first link their debit/credit cards, investment accounts and checking and savings accounts to the Personal Capital database. From there, you’ll then be able to seamlessly manage and monitor your financial life across multiple institutions that house your accounts.

The design of Personal Capital software is such that users can’t initiate any transactions in linked accounts through the company’s platform. The only way to move money in linked accounts is through your originating bank or financial institution.  This feature guarantees the security of user funds even in the event of a security breach at the Personal Capital platform.

Another layer of security, that ensures your log-in credentials are secure, is that Personal Capital does not store user credentials on its servers. Yodlee, a leader in data aggregation, securely hosts that data (off-site from Personal Capital) and only ever shares it with the financial institutions with whom you have your linked accounts.  

End-user level security breaches are the most popular method for data pirates to get a hold of your sensitive data. And the most common gateway for hackers and data thieves to compromise you is through your browser. Weak browser security often leaves desktops and mobile devices vulnerable to data security attempts. That’s why Personal Capital never transmits your log-in credentials to your browser.

The company uses secure channels to communicate privately between Personal Capital databases and those of its security partners – including Yodlee. This then precludes the need to share your credentials with your – potentially unsecured – browser, thereby leaving no opportunity for hackers and scammers to intercept your data.

Encryption

When you use money management or investment apps online, the risk of unwanted “actors” waiting to peek at your personal information is ever present. And your desktop or mobile device may not necessarily be responsible for initiating that threat. Interacting with other unsecured websites and apps could easily lead to 3rd parties getting access to your personal data.  

Personal Capital deals with that threat by implementing strong encryption on its platform. At its simplest, encryption is the process of taking sensitive data and “wrapping” it with layers of protection to make it unreadable without decryption. And the only way to decrypt it is to have access to the algorithm originally used to encrypt it.

According to the company’s website, the software uses:

  • “…AES-256 encryption with multi-layer key management, including rotating user-specific keys and salts”
  • “Extended Validation certificate, Certificate Transparency, OCSP stapling and Strict Transport Security (HSTS) technology”
  • and “…ECDHE key”

So, what does this mean for your online security? It means that military-grade advanced encryption algorithms securely obfuscate (“cloak”) the data during transmittal, making it near impossible to unauthorized access. Even if someone unlawfully accesses that data, the powerful encryption algorithms are tough to crack, which means your data will remain unreadable by data thieves.

The company uses electronic “keys” to unlock access to encrypted data. Potential data pirates can’t access your data unless they have an authenticated copy of those keys. Frequent changes to the “keys”, used to gain access to the data, also provides another layer of security to thwart unlawful data access.

Personal Capital has also implemented some of the latest encryption protocols, such as TLS V1.2, to protect servers housing their data assets. The company does not support older versions of these protocols, including TLS and SSL, making their servers less likely to data privacy breaches.    

All these measures ensure your data moves secretly and securely across the internet, with little risk of exposure to unwanted 3rd-parties. This has led world-class online security and compliance authority Qualys SSL Labs to rate Personal Capital encryption with an A+ grade.

Fraud Detection

Fraudsters rely upon making innocuous transactions in your accounts, in a way that you either don’t notice them, or it takes you a while to realize what’s happened. The best way to prevent fraud is to be vigilant of all transactions that flow through every account. Easier said than done!

But Personal Capital helps you fight against fraudulent activity by aggregating and presenting all your transactions under a single window.  This one-window view makes it easier for you to immediately detect unauthorized transactions.

Fraud Detection - Source: Personal Capital
Source: Personal Capital

Even though Personal Capital consolidates all your financial transactions under a single roof, it might be hard to visually detect suspicious activity – especially if there are a large volume of transactions to sift through.

To prevent you from becoming a victim of fraudulent transactions, Personal Capital’s opt-in Daily Transaction Monitor continually downloads and scans your transactions for suspicious activity. This early-warning feature quickly analyzes and flags anything dubious to you via email/text communications. You can then reach out to your financial institution and work with them to further scrutinize the doubtful transactions.  

Authentication

Personal Capital has put in place multiple protocols to ensure that only authentic users gain access to its platform. It does so via robust authentication. At a very high-level, authentication is the process online platforms use to validate that a user is who they say they are. The use of multi-factor authentication (MFA) offers users additional security to their data.

Authentication of each new device used to connect to Personal Capital, via automated phone call, SMS message or email, ensures the owner of that device is an authentic Personal Capital account holder. In the event of compromises to log-in credentials, this authentication process guarantees that only “trusted” devices can access the software and its database.

iPhone users have further authentication security through the implementation of Touch ID, with iOS and Android users authenticated via mobile-only PINs.

Customer Service

People make all the difference to the safety and security of any online platform. And the people behind Personal Capital have years of experience in designing, supporting and managing secure online infrastructure.

In a prior life Bill Harris, founder of Personal Capital and former CEO of Intuit and PayPal, was intimately involved with internet technology. In his 25+ years of working with fintech, he also chaired the board of XTec Inc, a company that’s heavily involved in creating secure enterprise-level authentication and verification systems. In fact, many of the leading banks and financial services firms in the U.S. today rely on security protocols designed by PassMark Security, a company that Mr. Harris co-founded, to protect their clients from cyber threats.

Personal Capital’s Chief Information Security Officer, Maxime Rousseau, has an enviable track record of working with software giants and fintech companies. He is a member of Forbes Technology Council and specializes in several internet security and online data protection frameworks.

Final Thoughts

Through its bug bounty program, the company makes a concerted effort to proactively find and fix any vulnerabilities in Personal Capital software or infrastructure.  The company’s Chief Information Security Officer continually engages in outreach efforts to educate clients about the countless perils of online security, and how to deal with them.  

Realizing that company staff initiates many security breaches – so-called “insider attacks” – Personal Capital has implemented steps to protect its clients from such incidents. The company’s physical security protocols ensure that only staff with the highest levels of security credentials can access the company’s servers and IT infrastructure.  

So, is Personal Capital safe to use? Absolutely!

Related content: Personal Capital vs. Quicken