Data Security: Q&A with our CTO

ByAllAccounts deals with sensitive account information every day, so it comes as no surprise that we get a lot of questions regarding how we keep that information secure and ensure your clients’ privacy. I had an opportunity to sit down with our Chief Technology Officer, Martin Dickau, to discuss some of the questions he hears most frequently. Here are the top 4 questions that Martin is asked, and the answers he provides:

Question #1: Why does ByAllAccounts’ service need my clients’ credentials—login ID and password—to aggregate data?

We need the credentials because we use the same websites that your clients use to get their account information. Our system uses your clients’ credentials—login ID, password, etc.—to access the site as their agent, getting data just as they would themselves. We then turn that into a data feed for your back office.

Question #2: Do ByAllAccounts employees log into my clients’ accounts to gather the financial information?

Absolutely not. The account access credentials your clients supply go directly – encrypted – into our system’s database, without human intervention. Our information gathering program then uses those credentials each night, automatically, to get the prior-day values and recent account activity. This process does NOT involve having any of our employees log into your clients’ accounts to gather the information, and neither you nor your clients give account access credentials to any of our employees.

Question #3: Does using ByAllAccounts allow me to log into my clients’ accounts?

Again, the answer is no. Our system does not provide any means for you to log into, trade in, move money from, or alter the address of record on a client’s accounts. You also cannot retrieve client credentials from our system.

Question #4: How is my clients’ information protected?

Protecting your clients’ information is our highest priority, and we use multiple layers of security to ensure that their data is always protected. These security measures include:

  • Encryption. All sensitive information is encrypted during transmission, when stored in our database, and on back-up media.
  • Physical security. Our data center employs 24x7 guards, video monitoring, and stringent physical access controls.
  • Employee screening. Our employees are subject to criminal background checks and credit checks prior to hiring and throughout their tenure with us.
  • Controlled access. All physical and remote access to our systems is strictly limited, and any such access is recorded and monitored.
  • Network security. Firewalls, intrusion detection software, and anti-virus software are used to defend our systems against external attack.
  • Third-party verification. We also have third parties conduct periodic penetration testing and vulnerability assessments to ensure that we are keeping up with the latest security best practices.

The end result—client data is secure and the privacy of the information is maintained.
