Finicity is a division of Mastercard and an award-winning provider of online money management tools. Finicity was founded in 1999 and currently manages billions and billions of dollars worth of transactions each year for customers in all 50 U.S. states and throughout the world. Finicity connects to more than 16,000 financial institutions (banks, credit card companies, trading firms).
Since its founding, Finicity has made the security and protection of your data top priority by using state-of-the-art physical, technological and procedural security safeguards…similar to those used by the major financial institutions (banks, credit card companies, trading firms). You can feel confident that Finicity will keep your data private, secure and protected.
What Finicity does to protect your data
Encryption: Encryption scrambles your sensitive transmissions made via the Internet. At Finicity, we employ strict encryption process – the same form used by online banks and trading firms. Whenever we prompt you to transmit sensitive information (such as a credit card number), we require SSL /TLS (TLS1.2, soon to be TLS1.3) encryption of your data as it is transmitted. We also store any sensitive data in an encrypted format (via AES256bit encryption), with additional layers of encryption added to our backup systems.
Firewall Protection: Finicity employs industry-leading solutions that restrict connections between publicly accessible servers, including any connections from wireless networks and any system component storing user data. All data and access to the Finicity servers are filtered by perimeter firewalls before reaching any Web servers. In addition, application and database servers are protected by a separate firewall layer. We use a Web Application firewall in defending against OWASP Top10, DDoS attacks, and any known exploits against web sites and applications (including our APIs).
Password Protection: A username and hidden (hashed) password are required to access any Finicity online service. After a username or password is entered incorrectly three times, access to an account is blocked. You are responsible for protecting the secrecy of your password in accordance with the terms of the Finicity End User Service Agreement. We recommend that you do not store secure pages in your cache or leave your computer unattended while you are logged in to any Finicity online service.
Session Management: To minimize the possibility of unauthorized access, after a set period of inactivity, the system ends the session and logs the user out.
Physical Security: Finicity uses secure hosting facilities that are monitored 24 hours a day, 7 days a week. Access to servers requires multiple levels of identification authentication including biometric (hand print scan) and other procedures.
Regular Security Audits: All of our systems, policies and procedures undergo regular security audits by security experts to ensure that critical personal information remains safe and secure. All systems are regularly updated and upgraded to ensure compliance with current security procedures and technology. Finicity is SOC2, Type 2 certified, and soon to be PCI Level 1 compliant. We maintain industry best practices for internal and external vulnerability testing, patching, anti-malware/virus and data loss prevention.
Correcting/Updating Personal Information: If needed, Finicity will allow you to update or correct your account, financial and credit card download information. You may review and update your contact information via live chat with a customer service representative by clicking on the Live Chat links within the Finicity website.