The rapid growth of Fintech has created a renewed interest in security and privacy. With the upcoming Australia launch, we thought it was time to explain why Moneytree is considered the most trusted company in the financial data portability space.
It all begins with security, including Secure Coding Practices and Review Processes. Moneytree provides privacy and security training for all new employees, periodic training of existing staff, and audits to ensure our best practices are always carried out.
We host our service on AWS and Heroku, widely acknowledged as industry-leading and secure infrastructure platforms. We carry out periodic vulnerability and penetration testing on all platforms, including all APIs and client applications.
Protecting Your Data:
We use SSL Pinning to prevent Man-in-the-Middle (MITM) attacks. This involves bundling an encryption certificate in our native mobile apps so that each app can confirm it is communicating with our services. Our native apps will refuse to connect to any server that cannot be cryptographically verified, such as an attacker on an insecure public Wi-Fi network. (This is actually not difficult to implement and should become an industry standard.)
Additionally, Moneytree always encrypts data in flight using Transport Layer Security (TLS), the successor to SSL. Data at rest is protected using encrypted storage.
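The pinning check described above, sketched in Python as an added example (not Moneytree's code; its apps are native mobile clients). The constructed `BUNDLED_CERT_DER` bytes stand in for the bundled certificate, `pin_matches` and `connect_pinned` are hypothetical names, and pinning the SHA-256 of the server certificate on top of normal CA and hostname validation is an assumption about how the pin is checked.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for the DER bytes of the certificate bundled in the app.
BUNDLED_CERT_DER = b"constructed-der-bytes-of-the-bundled-certificate"
# Pins are lower-case hex SHA-256 digests; keep more than one to allow rotation.
PINNED_SHA256 = frozenset({hashlib.sha256(BUNDLED_CERT_DER).hexdigest()})


class PinMismatch(ConnectionError):
    """Raised when the server's certificate is not one of the pinned ones."""


def pin_matches(peer_cert_der, pins=PINNED_SHA256):
    """Return True if the SHA-256 of the peer certificate equals a pin."""
    if not peer_cert_der:
        return False  # no certificate presented: fail closed
    digest = hashlib.sha256(peer_cert_der).hexdigest()
    # compare_digest keeps the comparison time independent of the match length.
    return any(hmac.compare_digest(digest, pin) for pin in pins)


def connect_pinned(host, port=443, pins=PINNED_SHA256, timeout=10.0):
    """Open a TLS connection and refuse it unless the leaf certificate is pinned."""
    context = ssl.create_default_context()  # CA and hostname checks stay on
    context.minimum_version = ssl.TLSVersion.TLSv1_2
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = context.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # A certificate that chains to a trusted CA but is not pinned is still
    # rejected, which is what stops an interception proxy with a valid chain.
    if not pin_matches(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise PinMismatch(f"certificate for {host} does not match any pin")
    return tls
```

A client built this way must ship the replacement certificate's pin before the server certificate rotates, otherwise it will refuse its own service.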
Moneytree and Privacy by Design:
Out of respect for your privacy, we believe in only collecting information necessary to provide the service. At registration we only request an email address and password, and the minimum authentication information necessary to aggregate data at your request. Unlike many online services that exist today, we will not request demographic data such as age, sex or other identifying data, without a valid and transparent business purpose.
At Moneytree we believe we can provide the most value to the world as a technology company, and not as an advertising or data marketing platform. We differ from competing services because we empower individuals by allowing them to i) choose the companies with which they share their data, and ii) access next-generation financial technology services using the data stored within Moneytree. We also refrain from "grey" practices such as selling anonymized data, which can potentially be de-anonymized by combining it with other data sets. Moneytree’s commitment to privacy is to provide non-zero-sum outcomes, where you don’t have to sacrifice functionality or experience to maintain your right to privacy. For more information on Privacy by Design, there is a great summary on the website of the Information & Privacy Commissioner (Ontario).