Security and Trust

Security and trust are at the heart of everything we do, they are the main reason Money Toolkit was started.

We saw how other online personal finance sites were managing your most trusted data and it made us feel uncomfortable.

An explanation…

Most other sites use a third party service provided by Yodlee. The web site you signed up with asks you to enter all the answers to your bank security questions which in turn get stored on Yodlee’s computers. Yodlee then uses your details to log into your bank whenever it likes to retrieve your bank account data.

Yodlee then sells your bank data to the web site that you signed up with, for example, Lovemoney, and Moneydashboard in the UK, who also store your transaction data and finally provide you with a view of your bank data over the internet.

We think this is wrong for three main reasons.

The first is that your bank security answers are stored on someone else’s computer normally in the United States with millions of other users bank security answers, which we think is unsafe and a natural target for hackers.

Secondly you have no direct control over those security details, you have to trust that the web site you signed up with will pass on your requests to remove your details, and you don’t personally have any contract with that third party at all. You also have no idea how often or when that provider is going to log into your account.

Finally the bank account data that this third party provider gathers is stored on their computers, and on the computers of the web site you signed up with. Not only is that a second place for possible security breaches but you also have little or no guarantee over what the third party provider, like Yodlee, can do with your data.

Why we are different and safer…

Only you and your bank can get at your bank security answers, they are securely encrypted on your phone. In fact once you have entered them on your phone, not even you can see them, they are stored in Money toolkits 128 bit AES encrypted safe, using your password as a key, and your password is stored in a way that is almost impossible* to be decoded (using SHA-256).

The down side of this level of security is that we can’t tell you your password if you forget it. All we can do is give you another temporary password, but then your data will be unrecoverable and you will have to enter your bank details again. Of course all your transaction data is still safe and secure at your bank, our service can in no way affect your bank data, remember we only ever get a copy of your bank data. Once you have set up your bank security questions we can just go and get a new copy of your bank data

Of course the advantage is that it is bank grade security on your phone. It makes it next to impossible* for anyone who has physically stolen your phone to recover any of your data. So not only would someone have to get access to your phone they would have to go to the same lengths as they would if they wanted to ‘hack’ into a bank, twice!

Comments are closed.

Search for:

Latest Posts
Tags
2011 Android android market article bank banking banks BankSimple bbc blog Co-Operative Code finance first direct first direct bank fiserv Framework Help html5 iPhone Javascript lloyds tsb marketing Mint mobile mobile banking money moneydashboard News online online banking pfm phonegap refund security sencha touch silverlight smile smile bank startup support trust uk web wesabe
Tweets
- Interesting… MoBank CEO Dominic Keen discusses their move to mobile commerce, because not enough money in PFM http://t.co/K9Pf3XAj about 2 weeks ago
- O2 Wallet is finally here, anyone tried it yet? http://t.co/PMXHNy21 about 3 weeks ago
- RT @almightyjamie: My sister has gone missing, please retweet this as much as possible. Thanks http://t.co/Tw5TC3L4 #taliecomehome @Visi ... about 3 weeks ago
@moneytoolkit

Money Toolkit

Security and Trust