I understand that HelloWallet is read only, but my passwords are stored somewhere in the system. What happens if HelloWallet is hacked, and my bank account is compromised? Am I reimbursed?
We partner with Yodlee to provide aggregation services for an individual’s financial accounts. We are extremely confident in Yodlee’s security. They are not just a typical technology provider. Your bank probably uses Yodlee services. In other words, people have probably used Yodlee without even knowing it. A few hundred financial institutions use Yodlee. Citibank uses Yodlee, as does JPMorganChase and Bank of America. Yodlee is examined by a multi-agency group led by the Office of the Comptroller of the Currency (part of the US Treasury). The work is guided by the FFIEC (Federal Financial Institutions Examination Council) IT Examination Handbook. Yodlee provides support for accessing account information at thousands of financial institutions.
This is currently how an account is linked using Yodlee. A HelloWallet user selects a financial institution from a list within the HelloWallet application. HelloWallet provides this financial institution name to Yodlee, which in return provides the form input requirements specific to that institution. The form is then generated dynamically by our app and presented to the user. The user enters the credentials on this form and the form values are sent via HTTPS from the client browser to HelloWallet and then on to Yodlee in real-time. All data are encrypted in transit. Besides encryption, we also have controls in place between our servers and Yodlee’s including co-brand authentication and source IP-based access control. While the input form is generated by us, we do not store the provided form values in our environment. Also, the Yodlee API we use does not permit the movement of money, it only allows read-only access to information. Not even the individual user can move or initiate the movement of money using HelloWallet.
This question has received the maximum number of answers.