That’s probably the most common question I get about Geezeo. And it’s an important question, after all, we are dealing with sensitive data including logins and passwords for thousands of banks and other financial institutions. So, the question of how we secure our users’ data inevitably comes up whenever we talk about Geezeo–as it should.
So what’s the answer? The answer is that we have come up with a 100% fool-proof method for securing sensitive data such as logins, passwords and account numbers for banks and financial institutions. We guarantee the security of your sensitive information by simply not storing it.
That’s right, we have no need (and certainly no desire) to store any sensitive data. In fact, we have gone out of our way to make sure that when you enter any secure information, such that is needed to access your bank or other financial institution, that not only is it done behind the same level of security that your bank provides you from their website, but we even go out of our way to filter that information out of system log files. So, not even the developers of Geezeo will ever see sensitive data.
No trace of your data is stored or otherwise logged in any way on the Geezeo infrastructure. That’s how we keep your sensitive information secure! But it has to be stored somewhere, doesn’t it? That’s correct. Your information is stored at CashEdge, our third party information partner. We let them handle the important task of keeping your information secure, and it’s one that they take very serious. Check out our security information page for the full story.
May 21st, 2007 at 7:21 pm
This is an interesting approach, however, based on the quicktime demonstration, it looks like the approach is to do a Web Scraping approach. The only reason the security question is asked for bank of america is because they did not recognize that the user had ever logged in from the IP address that was used to connect and the question is used to prove it is you and then present the site key. Which can be ignored with a web scraping approach.
Do you have a link to CashEdge’s security information that documents how they communicate with a bank and how they keep user credentials safe?
May 21st, 2007 at 8:37 pm
Tim,
Other than the security link I provided above, I can’t provide any further information as to how the CashEdge API works, other than to say that they use commonly accepted methods for aggregation. It’s worth noting that Cash Edge’s aggregation service is used by some of the largest financial institutions (e.g. Vanguard). They are a fantastic company and a great partner. Their customers include 5 of the top 10 US Banks and 4 of the top 10 brokers. If you’d like to know more about how their aggregation service works, you are more than welcome to contact them directly.
May 23rd, 2007 at 3:06 pm
[...] on the service. A blog post by the company’s CTO Theron Parlin addresses questions about the security of the service – noting that they’re using CashEdge as their third party information [...]
January 24th, 2009 at 4:39 pm
information technology has given us lot of amenities but it has given some curses as well one in this blog about orivate information stealing. Nice info thanks