Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Security concerns

Jan 18, 2017 01:29PM EST

I understand that HelloWallet is read only, but my passwords are stored somewhere in the system. What happens if HelloWallet is hacked, and my bank account is compromised? Am I reimbursed?

Best Answer

HelloWallet Support Answer

Jan 18, 2017 03:22PM EST
Meaghan
HelloWallet Support

We partner with Yodlee to provide aggregation services for an individual’s financial accounts. We are extremely confident in Yodlee’s security. They are not just a typical technology provider. Your bank probably uses Yodlee services. In other words, people have probably used Yodlee without even knowing it. A few hundred financial institutions use Yodlee. Citibank uses Yodlee, as does JPMorganChase and Bank of America. Yodlee is examined by a multi-agency group led by the Office of the Comptroller of the Currency (part of the US Treasury). The work is guided by the FFIEC (Federal Financial Institutions Examination Council) IT Examination Handbook. Yodlee provides support for accessing account information at thousands of financial institutions.

This is currently how an account is linked using Yodlee. A HelloWallet user selects a financial institution from a list within the HelloWallet application. HelloWallet provides this financial institution name to Yodlee, which in return provides the form input requirements specific to that institution. The form is then generated dynamically by our app and presented to the user. The user enters the credentials on this form and the form values are sent via HTTPS from the client browser to HelloWallet and then on to Yodlee in real-time. All data are encrypted in transit. Besides encryption, we also have controls in place between our servers and Yodlee’s including co-brand authentication and source IP-based access control. While the input form is generated by us, we do not store the provided form values in our environment. Also, the Yodlee API we use does not permit the movement of money, it only allows read-only access to information. Not even the individual user can move or initiate the movement of money using HelloWallet.

This question has received the maximum number of answers.

Can't find what you are looking for?
Post a Public Question
394f09daf7261e38402495676f2d372d@hellowallet.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete