We saw how other online personal finance sites were managing your most trusted data and it made us feel uncomfortable.
Most other sites use a third party service provided by Yodlee. The web site you signed up with asks you to enter all the answers to your bank security questions which in turn get stored on Yodlee’s computers. Yodlee then uses your details to log into your bank whenever it likes to retrieve your bank account data.
Yodlee then sells your bank data to the web site that you signed up with, for example, Lovemoney, and Moneydashboard in the UK, who also store your transaction data and finally provide you with a view of your bank data over the internet.
We think this is wrong for three main reasons.
The first is that your bank security answers are stored on someone else's computer, normally in the United States, alongside millions of other users' bank security answers, which we think is unsafe and a natural target for hackers.
Secondly, you have no direct control over those security details: you have to trust that the web site you signed up with will pass on your requests to remove your details, and you personally have no contract with that third party at all. You also have no idea how often or when that provider is going to log into your account.
Finally, the bank account data that this third party provider gathers is stored on their computers, and on the computers of the web site you signed up with. Not only is that a second place for possible security breaches, but you also have little or no guarantee over what the third party provider, like Yodlee, can do with your data.
Only you and your bank can get at your bank security answers; they are securely encrypted on your phone. In fact, once you have entered them on your phone, not even you can see them: they are stored in Money toolkit's 128-bit AES encrypted safe, using your password as the key, and your password is stored in a way that is almost impossible* to decode (using SHA-256).
But then comes the really clever bit. We actually don't store the whole encrypted file on your phone. We split the file into three parts: only one is stored on your phone, and the other two parts are sent to two different servers somewhere in the UK. Each part is totally useless without the other two.
So if anyone finds or steals your phone, it is literally impossible for them to recover your secure details. Similarly, if anyone manages to breach our military grade security on our servers, they will still be completely unable to recover your secure details unless they also have your phone.
The downside of this level of security is that we can't tell you your password if you forget it. All we can do is give you another temporary password, but then your data will be unrecoverable and you will have to enter your bank details again. Of course, all your transaction data is still safe and secure at your bank; our service can in no way affect your bank data, remember we only ever get a copy of it. Once you have set up your bank security questions again, we can just go and get a new copy of your bank data.
The advantage of this system is that it makes it literally impossible for anyone who has physical access to your phone (through theft or otherwise) to recover any of your secure data from the phone. Not only would someone have to get access to your phone, they would also have to go to the same lengths as they would to 'hack' into a bank, and they would have to do it three times!