Great online money organizer!!

[MikkiStreak]

Quote:

Originally Posted by Morgan "Safety, security, and privacy Yodlee is the dominant player in this industry, and the company says it is fanatical about security. All data are encrypted and stored on computers in a building at an undisclosed address. To get into the data center, employees have to go through several identity checks, including a hand scan. Yodlee promises that it won't share personally identifiable information with third parties. On the other hand, if you sign up for aggregation service through your bank's Web site, Yodlee says it can't control what the bank does with any information it gleans. You'll have to check your bank's privacy policy." Sounds secure, but if hackers were to target something, a website with a collection of accounts would be a good thing to target.

The security statements are kind of generic. And the reality is that, almost every company has the same risk when it comes to hosted accounts. In this situation: Yodlee hires an off-site company to host their client websites. That hosting company (like every other one out there) doesn't publish their datacenter information. They encrypt data coming into the server, and when it's extracted, it's un-encrypted.

Here's the question: What other companies use the same hosting company that Yoodle uses? Are each client on a separate server for security purposes? How does Yoodle submit their client data to the hosting company--- via encrypted FTP sites? Or does the data company get into the servers for Yoodle and extract the info in a file feed? And who all has access to the database of information from Yoodle?

The statement about security access into the host datacenter is fine, except: if someone wants the database information, are they really going to find the host location, or just hack into the servers?



I'm extremely leery of online things like this, but I also have had my identity stolen twice, and working in technology gives me a different perspective on things. I don't even keep my personal information or financial information on my PC anymore. I keep it on a disk in a safety deposit box at the bank.

[starchild]

It does sound like a great service and very convenient. I do online banking for all my accounts but they are on different sites, so I figure the odds of everything getting hacked and stolen is very slim. The odds are probably slim anywhere but things happen, and if all my info was in one place and became compromised I would freak.

 

I had a Monster account and they notified me that our information (resume/contact/etc.) had been basically stolen. They have a security policy too and gave us a big "we're sorry and working to assure it doesn't happen again" but meanwhile my personal stuff was out there...and it wasn't money related but it still worried me....money related info would enrage me.

 

I just don't know if it's for me, but the idea is great in theory.

[MikkiStreak]

Quote:

Originally Posted by starchild I had a Monster account and they notified me that our information (resume/contact/etc.) had been basically stolen. They have a security policy too and gave us a big "we're sorry and working to assure it doesn't happen again" but meanwhile my personal stuff was out there...and it wasn't money related but it still worried me....money related info would enrage me. I just don't know if it's for me, but the idea is great in theory.

Along these lines too---- the automatic assumption is that someone is going to hack into the servers. But there's a much easier way that a *lot* of people out there do without and without realizing it.

I actually have a client now who is a web hosting company. One of their employees was using our software and in the process of downloading a secure document, she got a virus message and it locked up her PC.

The company freaked out: their internal security department seized her PC to start investigating. I tested our software at their request and absolutely KNEW it wasn't delivered via our software. But- they shut all their employees out of our software for 24 hours until they came to that conclusion on their own.

Long story short---- this client shared her internal IT ticket with me because they weren't telling her much. In the information they told her, they happened to mention the virus file path. So I did a little digging and discovered this particular virus was distributed via JavaScripts (which IE *heavily* depends on) in an email. The virus was coded to shut down all their firewalls and virus software and then scan all the PC's at their root directory (out of the desktop view, basically) and when it found financial information, it compiled a zip file and emailed it back to a particular domain.

Had her PC not locked up and given her an error message with a false data string (pointing the finger at our software), she probably wouldn't have known she had this virus.


These are the people who are a risk to anyone's secure information. Not the equipment---- it's the employees.

[~Melissa~]

Maria you're so financial savy. I still go on your financial site you posted a while ago "Its your money"

It's Your Money! Personal Finance, Debt, and Budgeting Steps and Spreadsheets

[starchild]

Very interesting Maria. I'll bookmark that website too....thanks Melissa, I forgot all about that!