Is Personal Capital Safe To Use?

Yes, Personal Capital is safe to use to track your finances, manage your net worth, and plan your retirement. You can do so all for free using their suite of financial tools.

They now have over 5 million registered users tracking over $50 billion in assets under management as of 2022. Personal Capital was purchased by Empower in 2020 because it is safe and a highly value-added free wealth management tool.

But how do you really know if Personal Capital is safe to use? As a personal finance blogger, people ask me this question a lot. Security truly is their highest priority, which I'll explain in detail below.

I’ve been a user of Personal Capital’s free financial tools since 2012 and love their products and services. In fact, I liked Personal Capital so much that I decided to be a part-time consultant for them between 2013-2015.

They are based in the San Francisco Bay Area like myself. And I got to meet and work with members of the executive team, marketing department, and some of the financial advisors as well. As a result, I became thoroughly familiar with all of their offerings and just how important security and safety is to Personal Capital and its clients.

To maximize the use of their tools, it’s important to link all your financial accounts with them. Thus, security is fundamental to their business model. When you link your real financial accounts through the dashboard, Personal Capital thoroughly analyze investment asset allocation. In addition, the tools can monitor your cash flow, future retirement cashflow, and so much more.

Another great fact about Personal Capital is that Bill Harris, the founder, built and sold an encryption company named PassMark Security before starting Personal Capital. As a result, they are extremely knowledgable about online safety.

Here’s an overview about Personal Capital’s online safety.

Personal Capital Is Safe and Secure

Their highest priority is keeping your financial data safe and secure. In a nutshell, what makes Personal Capital safe is they use multiple layers of security in every component of their systems. This keeps your accounts and money safe. And your information stays private.

Your Data Is Safe And Protected

• All sensitive information is protected both at rest and in transit.
• Data is encrypted with AES-256 with multi-layer key management, including rotating user-specific keys and salts.
• Strict internal access controls.
• No individual at Personal Capital has access to your credentials.

AES-256 is the Advanced Encryption Standard (AES) and is the gold standard as determined by NIST, the United States National Institute of Standards and Technology. 256 refers to the length of the key used and 256-bits is a longest. It is also the same encryption used by the US Government.

The data you provide Personal Capital is stored in the cloud. And most of the cloud services are controlled by Amazon and Microsoft, two of the most secure companies on the planet.

They offer redundant storage to an extent you would not have just storing your data at home where your hard drive could blow up or your house burn down with your data in it. So, it is often an acceptable risk.

Because you never really have to enter your bank credentials when logging in to Personal Capital, that never gets transmitted. So, if a keylogger or malware compromise your computer, your accounts remain safe.

There will always be risks with anything online. And no system will ever be perfectly secure. But, it always comes down to an individual judgment about whether the risk is reasonable or minimal compared with the benefit of the service.

Security Insights From The CTO

The person in charge of security is Fritz Robbins, Personal Capital’s CTO whom I’ve worked with. He has over 20 years of experience in their field.

He had a three-year stint as a System Architect at RSA Security and 8 years running his own full-lifecycle software engineering company. Robbinx also holds an M.S. in Computer Science from Stanford University.

In Mr. Robbin’s point of view, he believes viewing your banking and brokerage accounts via Personal Capital is safer than going directly to the banking/brokerage site from your browser. Here are the following reasons:

• Your credentials are stored in a secure data center versus always being transmitted via the user’s (generally less-secure) browser
• The connection is read-only and no money can be taken out of your banking/brokerage account via Personal Capital. And your banking/brokerage passwords are never returned to your browser from our servers.
• Personal Capital gives you notification of all banking/brokerage transactions (via email or mobile push notifications) that make it easy for you to monitor you banking/brokerage accounts for fraud, all in one place.

Strong Encryption

One of the main reasons why Personal Capital is safe is because they have exceptional website encryption. It has an A rating by the world-renowned Qualys SSL Labs. This is a stronger rating than most major banks or brokerages.

The company stays on top of security vulnerabilities as well and keeps up-to-date with best practices. For example, Personal Capital's servers prefer TLS 1.2, and also support TLS 1.1 and TLS 1.0.

They don’t allow SSLv3, RC4, or other insecure protocols or ciphers. In addition, they use ECDHE key exchange for Perfect Forward Secrecy.

Fraud Detection Using Personal Capital

Credit card fraud is one of the main reasons why I use Personal Capital. They will notify users whenever they detect something out of whack.

After linking your accounts to Personal Capital, you can use the Transactions page to look at all your transactions across all accounts.

The opt-in Daily Transaction Monitor email also sends a daily list of new transactions across your accounts. This makes it easy and fast to check for any suspicious activity in your accounts.

Rather than reviewing your statement at the end of the month, you review it daily when your memory is fresh. You may not remember a transaction from two weeks ago but if it happened today, you will.

Related: Personal Capital Review

Robust Authentication

When it comes to maintaining your security, protecting your username and password are just the start.

Personal Capital is safe to use because of its robust authentication features. They require 2-factor authorization. This means you must authenticate every device that accesses your account.

Thus, if you log in from an unknown or new device, they will confirm it’s you via your phone or email (you pick when you set it up). I feel this is a must for any financial institution. Surprisingly, there are some banks who still don’t have this yet!

In addition, before you can access your account on any new device, you’ll receive an automated phone call, email, or SMS asking to confirm your identity.

You can also utilize extra mobile protection on iPhone with Touch ID and Face ID authentication, and mobile-only PINs on iOS and Android.

There are many ways to protect to safeguard yourself from financial fraud as well. Once example is signing up for Aura, which acts as an extra layer of online identity protection if that's what you want.

Partnering With The Industry Leader Keeps Your Credentials Safe

Another reason why Personal Capital is safe is their beneficial Yodlee partnership. Yodlee is a financial technology industry veteran that helps facilitate the aggregation of your accounts. They have over a decade of experience connecting with financial institutions. Yodlee provides an added layer of safety between your data and anyone who would want to access your account information.

Your bank and brokerage credentials are only stored at Yodlee, not in Personal Capital’s database. As a result, your credentials are safer in Yodlee’s data center than they are in your browser! Yodlee is also periodically audited by the Office of the Controller of the Currency.

WhiteHat Security performs around-the-clock security testing on the Personal Capital website as well. And their iOS apps have passed the rigorous AppSecure certification process by NowSecure.

Personal Capital also operates under SEC (Securities and Exchange Commission) jurisdiction. And, they have regular compliance audits with SEC cybersecurity regulations.

They also use Verisign and other state-of-the-art security solutions and practices to keep their site safe.

Internet Security Pioneers

Rest assured, when it comes to online security, there’s not much Personal Capital hasn't seen. The entire staff understands the challenges of Internet security and prioritize the crucial importance of keeping you safe.

As mentioned earlier, Personal Capital’s founding CEO, Bill Harris, has an extensive background in internet security. Harris previously co-founded PassMark Security, the company that designed the online authentication system that is now used by most of the major banks in this country.

No One Can Touch Your Money

As for internal access controls, no one at Personal Capital has access to your credentials. Zero.

All of your online interaction with Personal Capital is also encrypted. So, no one can decipher what you’re communicating with Personal Capital servers. 

In the event that your Personal Capital account is ever compromised, their application design ensures that you are still safe.

You can’t move your money in, out, or between any accounts you link to our dashboard. Neither can anyone else. So you can feel safe linking all of your accounts to the dashboard. Doing so really lets you benefit from all of the free tools Personal Capital has to offer.

Personal Capital never sends your credentials to your browser. Thus, after linking your accounts, your credentials are stored safely at Yodlee. And they are only ever sent directly to your financial institution.

What Should I Do To Protect Myself From Cyberattacks?

Now that you understand why Personal Capital is safe to use, it's also beneficial to know how to protect yourself from cyberattacks as well.

It seems like every month, there's a new global cyberattack impacting hundreds of thousands of computer systems around the world.

For example, cybercriminals can deploy a malicious form of software known as ransomware. It typically locks up people’s data under threat of destruction unless a “ransom” is paid. You may remember the WannaCry ransomware attack that compromised over 200,000 Windows computers in more than 150 countries.

According to the New York Times, the cybercriminals behind the WannaCry ransomware attack generally targeted hospitals, academic institutions, blue-chip companies, and other businesses.

Each ransomware attack is always a good reminder to practice good security hygiene, and protect your financial information on the internet.

Tips To Help Keep Your Data Safe

Here are some recommendations:

• Use a financial data aggregation service such as Personal Capital for viewing your financial data, rather than logging in directly to your bank website.
  • This reduces exposure of your banking passwords on the Internet.
• Regularly monitor all of your financial accounts for unusual activity. Personal Capital’s financial dashboard, and its daily transaction monitoring email service, are great ways to do this.
  • Security-conscious users should review their financial transactions at least twice per week.
• Always exercise good password hygiene at financial institutions or other sensitive websites.
  • Use long, random passwords rather than simple words
  • Don't use the same password at multiple sites
  • And change passwords on a regular basis
• Do not open emails that seem suspicious or click on links in emails unless you are certain of the content and the sender.
• Perform regular backups of your personal computers to minimize the potential impact of a ransomware incident.
• Keep your personal computer software up to date with vendor-provided updates and patches. This is especially important for your operating system, whether it be Windows or Mac.
  • For example, the WannaCry vulnerability was completely fixed in an update from Microsoft. The only computers that were impacted were those running out-of-date or un-patched versions of Windows.

Personal Capital Overview

If you're ready to start using Personal Capital, you can safely create a free account here. Keep reading if you want to learn even more about their offerings.

Founded in 2009, Personal Capital is the pioneer hybrid robo-advisor to help democratize access to affordable financial wealth management services.

What’s great about Personal Capital is they have a FREE, award-winning financial dashboard. Anybody can sign up to track their net worth, manage cash flow, x-ray their investment portfolios for excessive fees, and run multi-variable simulations for retirement with their retirement planner tool.

If you feel you need help managing your investment portfolio, can you also sign up to become a paying client. But there is no obligation.

I’ve used their free financial tools since 2012 and have seen my net worth sky rocket as a result. There’s a great saying I strongly believe in. “That which can be tracked can be optimized.”

Sign up for Personal Capital’s free financial tools here.

Personal Capital Detailed Overview

Headquarters: Redwood City, California with offices in Denver and San Francisco

Description: Personal Capital is the leading digital wealth management firm.

Founders: Bill Harris, Louie Gasparini, Rob Foregger

Categories: Financial Services, Wealth Management, Finance, FinTech

Free sign up link for their app: Personal Capital

Personal Capital Management

Free Financial Tool Features

Personal Capital has the #1 free financial software on the web today. You don’t need to be a client to take advantage of tracking your net worth, x-raying your portfolio for excessive fees, and planning your retirement.

Here are some of the tool’s key features. You can also access them via your mobile device. Now that you know Personal Capital is safe to use, I highly recommend everybody sign up and link their accounts.

1) Retirement Planner. This tool helps you to know if you’re on track to retire, and even allows you to make adjustments for major life changes, such as job/career/income changes, illness, childbirth or saving for college.

2) 401(k) Fund Allocation. Even though Personal Capital can’t manage your employer sponsored retirement plan, they can analyze the plan and make asset allocation suggestions based on all of the investment options available in the plan.

3) Net Worth Calculator. Track your assets and liabilities so that you can quickly find your net worth at any time. This tool will help you to really know if you’re on track to reach your long-term financial goals.

4) Cash Flow Analyzer. Use this tool to create a budget, where you can track your income and expenses whatever the sources. This will help you see where you’re spending money, so that you can free up income for savings, investing, and debt payoff.

5) Investment Checkup tool. This can provide a risk assessment of your portfolio, including your retirement plan. It will make suggestions to help you improve your asset allocation plan to make it consistent with your goals and personal preferences. Not only is Personal Capital safe, the free tool helps you keep a good eye on your investments as well.

Sign Up For Free Today

Personal Capital is an all-in-one financial management platform with an emphasis on successful investment management. You don’t need $100,000 to take advantage of their free financial tools because it’s absolutely free.

I began tracking my net worth with Personal Capital in 2012 and have seen my net worth skyrocket since due to better financial optimization. Personal Capital is safe to use to manage your money for free.

About the Author: Sam began investing his own money ever since he opened an online brokerage account online in 1995. Sam loved investing so much that he decided to make a career out of investing by spending the next 13 years after college working at Goldman Sachs and Credit Suisse Group. During this time, Sam received his MBA from UC Berkeley with a focus on finance and real estate. 

About FinancialSamurai.com: With over 1 million organic pageviews a month, FinancialSamurai.com is one of the largest and most trusted personal finance sites on the web since 2009. FinancialSamurai.com has been highlighted in The Wall Street Journal, Bloomberg, The New York Times, Chicago Tribune, and many more publications. 

Is Personal Capital Safe To Use? is a FS original post.