Security Leadership
Since our founding, Finicity has made the security and protection of data a top priority. We implement best-in-class physical, technological and procedural security safeguards similar to those used by major financial institutions (banks, credit card companies, trading firms).
What we do to protect your privacy and security
Encryption
Encryption scrambles sensitive transmissions made via the Internet. We employ strict encryption processes, the same used by financial institutions. Whenever data is transmitted, we require SSL/TLS (TLS 1.2, soon to be TLS 1.3) encryption. We also store data in an encrypted format (via AES 256-bit encryption), with additional layers of encryption added to our backup systems.
Firewall
Firewalls restrict connections between publicly accessible servers, including connections from wireless networks, and system components storing user data. All Finicity systems are protected by separate firewall layers. We use a defense-in-depth approach with a web application firewall defending against OWASP Top 10, DDoS attacks, and any known exploits against websites and applications.
Additionally, we employ leading-edge machine learning technology that autonomously identifies and blocks any network or systems activity that is suspected to be nefarious in nature.
Password and Account Protection
A username and hidden (hashed) password are required to access any Finicity online service. After a username or password is entered incorrectly a specified number of times, access to an account is blocked. You are responsible for protecting the secrecy of your password in accordance with the terms of the Finicity end-user service agreement.
All other services employed by Finicity either require multi-factor authentication or are tied to a single sign-on (SSO) function.
Physical Security
Finicity uses secure facilities that are monitored and manned 24 hours a day, 7 days a week. Access to servers requires multiple levels of identification, authentication (including biometric), and other security procedures.
Regular Internal and Third-party Security Audits
All of our systems, policies and procedures undergo regular security audits by third-party security experts. All systems are regularly updated. Finicity is SOC 2 Type 2 certified, and maintains a PCI Level 1 RoC/AoC. We implement industry best practices for internal and external vulnerability testing, patching, anti-malware/virus and data loss prevention.
Correcting/Updating Personal Information
You may review, update or correct your contact, account and financial information by contacting Finicity Support.
Reporting a Privacy or Security Related Issue
If you have a security or privacy-related matter, questions about our Privacy Statement, our information practices, or other aspects of privacy in connection with the use of Finicity services, you can email our Data Privacy Officer.
Certain open banking solutions are provided by Finicity, a Mastercard company.