Security FAQ

  1. How secure is moneyStrands?

    Your financial data is sensitive information; therefore security is our top priority. With moneyStrands, you can expect the same level of security that you receive from your bank and investment websites. Some of the controls we have in place to protect your data include:

    • Industry standard SSL encryption is used on all of our web pages, ensuring that your data is encrypted when using our service.
    • Servers are hosted in a secure data center with 24/7 CCTV video surveillance and security guards.
    • We deploy the latest security technologies to protect our systems, including application level firewalls and monitoring technologies.
    • Company policies and procedures are based on industry best practices such as ISO27002, secure coding, and data encryption.

  2. Can other people see my financial data in moneyStrands?

    No, other users will not be able to see your detailed financial information. If you elect to join a Tag group, only aggregate data that you select will be used to contribute to the Tag group’s statistics. Tag groups will not display data until a minimum number of individuals have joined the group to protect your individual contribution.

  3. If somebody knows my moneyStrands login information can they make changes in my bank accounts or credit cards used in this service?

    No, it is not possible to make changes to your financial accounts using moneyStrands. moneyStrands is a read-only application, meaning that it reads data about your transactions from your financial institution, but does not create new transactions.

  4. Why does moneyStrands need my bank login information?

    moneyStrands needs this information to be able to establish a secure connection to your financial institution in order to download your account transaction history. We can then download changes on a regular basis to provide you with up-to-date information. moneyStrands does not store your login and password to your financial institutions in our systems, so in the unlikely event that our systems were compromised, your login and password to your financial accounts would not be exposed.

  5. Am I at greater risk of identity theft or fraud by using moneyStrands?

    No, the moneyStrands service will provide you with greater insight into your financials, thereby helping to reduce your risk of fraud and identity theft. With our service you will have:

    • Detailed oversight into all of your accounts. You will not need to log into each account to see if any activity that might be unauthorized has occurred on that account.
    • Alerts can be setup in your moneyStrands account to alert you if events such as large purchases, unusual spending and low balances have occurred on any of your accounts.

  6. How does moneyStrands protect my data from hackers?

    We have engaged professionals to independently test our security controls. These companies perform hacking attacks on our website to try to break in, using the same kinds of technologies and techniques used by malicious hackers.

  7. Does moneyStrands encrypt my data?

    moneyStrands uses industry standard SSL 256-bit encryption on all of our websites. This means that when you connect to our website, everything you see on our site is SSL encrypted from our servers to your Internet browser

    Also, all connections to your financial services providers are performed over a 128-bit SSL encrypted connection.

  8. How does moneyStrands help protect me from identity theft?

    At moneyStrands we recognize your concerns around privacy and identity theft, which is why we only require you to enter your email address and a password to sign up for the service. Additional information may be entered to gain more value out of the service, and we treat that information with the utmost care. Steps taken to ensure the privacy of your information include:

    • moneyStrands limits access to your account information to authorized support personnel only.
    • All support personnel who have access to your information have passed a mandatory criminal background check to the extent permitted by applicable law.
    • We have also deployed monitoring tools, intrusion detection systems and other security tools to control and protect access to your sensitive data.
    • We have strict privacy practices in place to ensure that your information is not shared with third parties without your consent.

    moneyStrands also complies with the European Union Safe Harbor framework set forth by the Department of Commerce regarding the collection, use and storage of personal information.

  9. How can I protect myself from identity theft?

    You can protect your identity by following safe computing practices, such as:

    • Never disclose your username and password to anyone, including anyone claiming to be from moneyStrands.
    • Turn on email alerts in moneyStrands so that you can see account changes, and activities on your financial accounts.
    • Install anti-virus software on your computer and keep the signatures up-to-date.
    • Keep your computer up-to-date on all security patches and upgrades.
    • Use caution when opening email attachments or following web links inside of email messages.
    • Choose a strong password that is made up of both numbers and letters and change your password frequently. Your password should be something that you can remember but not easily guessed. For example, a word out of the dictionary or your mother’s maiden name should not be used as a password.
    • Check your credit ratings on a regular basis and report any suspicious activity. You can check your credit report on http://www.annualcreditreport.com.

    You can learn more about identify theft and how to protect yourself against it by visiting: http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html.

  10. What is phishing and how does moneyStrands help protect me against it?

    Phishing is an attempt to steal sensitive information such as usernames, passwords, and credit card information by tricking you into entering such information into a phony website which looks like one you trust. These pages may look just like the real site, with the same images, colors and language. Phishing can be performed in different ways, but some of the most common forms of phishing come in email or by following a link on a malicious website. They will then ask you to login or to enter sensitive information, which is then stolen.

    moneyStrands has integrated certain controls into our processes to help protect you from phishing attacks:

    • We will never ask you for your username and password. Nor will we ask for any financial information or account numbers via email. If you receive a phishing message purporting to be from moneyStrands please contact us.
    • We use secure coding practices to help ensure that our web site is secure and protected from malicious code.

  11. How can I protect myself from phishing?

    You can protect yourself from phishing attacks by following safe computer practices, such as:

    • Never send your login information, credit card information or bank account information in email--moneyStrands will never ask for this information via email.
    • When you receive an email from moneyStrands, you should copy the link and paste it into your web browser. Many phishing attacks will display a URL that looks safe such as http://money.strands.com/login, but when you click on the link it will take you to a malicious website.
    • Beware of emails that have an urgent tone in them. If you receive an email with an urgent tone telling you to login to our site, do not click on the links. You should go to http://money.strands.com website directly by typing the URL into your web browser.
    • Install a personal firewall, anti-virus and anti-spyware software and keep them up-to-date.
    • Use caution when opening email attachments or running programs received in email or via websites.

    You can learn more about phishing and how to protect yourself against it by visiting: http://phishinginfo.org/.

  12. Will moneyStrands sell my email address or other personal information to other companies?

    No, moneyStrands will not share nor sell your email address or contact information to third parties or spammers. We respect your privacy and will only send you emails for service-related issues, or to inform you of new features or product offerings by moneyStrands.

    You can read more about our privacy practices at https://money.strands.com/about/privacy.

  13. Will my bank data be removed when I close my account?

    Yes, if you choose to discontinue service with moneyStrands your bank information and transaction details will all be removed from our database.

  14. Does moneyStrands provide “Defense in Depth” security practices?

    Yes, moneyStrands employs “defense in depth” security practices. Our “defense in depth” practices have lead to the integration of security controls at the application, database, servers and network levels, leveraging leading security technologies. Using both preventive and detective controls, we are able to control and detect access to your sensitive data.

For additional questions or concerns, please contact us.