What We Do To Protect Your Privacy and Security
Encryption scrambles your sensitive transmissions made via the Internet. At Finicity, we employ strict encryption process – the same form used by online banks and trading firms. So whenever we prompt you to transmit sensitive information (such as a credit card number), we require SSL /TLS (TLS1.2, soon to be TLS1.3) encryption of your data as it is transmitted. We also store any sensitive data in an encrypted format (via AES256bit encryption), with additional layers of encryption added to our backup systems.
Finicity employs industry-leading solutions that restricts connections between publicly accessible servers, including any connections from wireless networks and any system component storing user data. All data and access to the Finicity servers are filtered by perimeter firewalls before reaching any Web servers. Additionally, application and database servers are protected by a separate firewall layer. We use a defense in depth approach with a Web Application firewall defending against OWASP Top10, DDoS attacks, and any known exploits against web sites and applications (including our APIs).
A username and hidden (hashed) password are required to access any Finicity online service. After a username or password is entered incorrectly a specified number of times, access to an account is blocked. You are responsible for protecting the secrecy of your password in accordance with the terms of the Finicity End User Service Agreement. We recommend that you do not store secure pages in your cache or leave your computer unattended while you are logged in to any Finicity online service or while you are enrolling on the Finicity Web site.
Finicity uses secure facilities that are monitored and manned 24 hours a day, 7 days a week. Access to servers requires multiple levels of identification authentication including biometric (hand print scan) and other security procedures.
Regular Security Audits
All of our systems, policies and procedures undergo regular security audits by security experts to ensure that critical personal information remains safe and secure. All systems are regularly updated and upgraded to ensure compliance with current security procedures and technology. Finicity is SOC2, Type 2 certified, and soon to be PCI Level 1 compliant. We maintain industry best practices for internal and external vulnerability testing, patching, anti-malware/virus and data loss prevention.
Correcting/Updating Personal Information or Reporting a Privacy or Security Related Issue
At our Web site we provide you the opportunity to update or correct your account, financial and credit card download information. You may review and update your contact information via Finicity Support for assistance.