What does PocketSmith use for bank feeds?
PocketSmith's Bank Feed Service uses a data aggregation service called Yodlee. We choose them because they're the best in the industry.
Yodlee is a US company founded in 1999 that provides digital financial solutions for over 20 million paid users and over 850 financial institutions and financial technology innovators, including Xero, Billguard, ANZ Money Manager and Personal Capital. 11 of the 20 largest U.S. banks trust Yodlee for their services.
This is an excerpt from Yodlee's website: http://www.yodlee.com/why-yodlee/
With more than 15 years’ experience integrating into the largest banks in the world, security is in our DNA. Yodlee has extensive experience meeting the highest standards in data security, privacy, and regulatory compliance. Yodlee is audited by U.S. regulatory agencies and maintains comprehensive security procedures, policies, controls, and reviews across every aspect of our technology and our business, globally.
Protecting the personal information of individuals who use our customers’ products and services is the top priority at Yodlee. Yodlee does not typically receive any information from data providers that is considered personally identifiable information (PII) under the relevant regulations.
As a precaution, Yodlee further scrubs all user data received to ensure elimination of any potential personally identifiable information that might appear in a transaction string or elsewhere, so that no data utilized by Yodlee contains any user identifiable or attributable information. In addition to Yodlee’s own internal audits, transaction level scrubbing is also checked by leading 3rd party Security and Privacy experts.
What about Yodlee's security?
You can find Yodlee's general security statement here: http://www.yodlee.com/yodlee-security/ . Key US Banking regulators perform examinations into Yodlee's practices, including the Office of the Comptroller of the Currency and Federal Financial Institutions Council.
Where are my login details stored?
Your login details are passed securely to Yodlee, and not stored by PocketSmith. These details are used by Yodlee for one sole purpose, which is to fetch your transactions direct from your banking site.
This is an excerpt from an interview that describes how they handle login details:
Users input their credentials and we never actually see it. And people like Xero never actually see it. They enter it into an interface and when they hit send it gets encrypted and separated from that point. It’s hashed all the way back through the hardware. It’s not just software encryption, it’s all the way down into the boxes themselves.
We store you as a user with a Yodlee ID. You have a password and a credential that is hashed and exists somewhere else and is matched to your user ID, and then your transaction and financial data they sit somewhere else encrypted all the way through to the hardware.
What is PocketSmith able to do aside from get my transactions?
The PocketSmith Bank Feed service is completely read-only. It is not possible for the PocketSmith Bank Feed service to transfer, move, or do anything else with your bank accounts aside from gather your transactions for you.
Does using Yodlee and the live bank feed service violate my Bank's Terms and Conditions?
Online banking Terms and Conditions differ from bank to bank, so you should review yours and make an informed decision about whether bank feeds are right for you.
We've chosen Yodlee because we trust that their live transaction data aggregation is the safest and most reliable method of providing automated transaction imports into PocketSmith.
Yodlee has experienced no known breaches to date, and we place our own trust in them and their practices. All PocketSmith employees use the Bank Feed Service to sync up their personal accounts.
Is PocketSmith able to guarantee me against losses caused by any live feed data breach?
Your use of the Bank Feed Service is at your sole risk. We are not in a position to offer our users any guarantees with respect to the live bank feed service, just as Yodlee aren't able to provide us any guarantees.
If you're not ready to use the Bank Feed Service, PocketSmith offers a comprehensive set of features that will let you securely upload your bank files without needing to enter your online banking data.
I have some more questions.
Please let us know any other concerns or questions that you have, and we'll ask Yodlee for any information that isn't on hand.