Our Security Policy
Your security is always our top priority at miiCard. From using the most stringent and up to date security and privacy methods used by the world’s leading banks, to partnering with best of class technology partners, miiCard ensures your information is secured to the highest standard at all times.
Key security features
- Strong Encryption: Communications are protected with strong encryption through Secure Socket Layers (SSL / https ) provided by Symantec VeriSign. We use certificates with Extended Validation (the green address bar) with a 128-bit minimum encryption individual to every user. This means that your data between you and our systems are protected at all times. Each users data is individually encrypted within our data store using industry standard AES 256 technology.
- 2-Step Verification: To access your miiCard account we use 2-step verification, sometimes also called two-factor authentication. This means that you need a username, strong password and a mobile phone to receive a one-time passcode by sms when you create your account. Once in your account you can select your preferred method of 2-step verification - sms, the YubiKey or Toopher mobile app and you will need to use this every time you add, edit or share information in your account. Strict password policies and session management (with time limits) are also used to protect your account.
- Security image: We add yet another level of protection by providing you with a customisable security image for your account that only you know the image and colour combination for. The image will always display on your account so you know to report a concern if the image has changed or does not display.
- System emails: All system emails are generated automatically and no one at any point, including ourselves, has access to your login credentials. We will never ask you for this information.
- High level of security: We use the same, industry-standard security practices as your bank. It is top priority to make sure all your data is kept safe.
- Your money can't be moved: miiCard is a “read-only” application, which means it cannot be used for withdrawals, payments or to transfer your funds and does not store your financial transactions.
Stay secure with these tips
miiCard strongly recommends you follow these security measures to keep your account secure:
- Set your security image and always check this when you access your account
- Check the address bar of your browser for the Symantec Verisign Extended Validation certificate identified by a green address bar
- Remember that miiCard will never email you asking for your password or secure credentials
If you are concerned with the security of your account contact us at firstname.lastname@example.org immediately.
Protecting your miiCard
How do you access my accounts?
miiCard partners with Yodlee to link your financial accounts to your miiCard account to verify your identity. When you create your miiCard account and link your bank account details this information is sent directly to Yodlee and never stored by us. miiCard is a read only environment and never stores your transactional level financial information.
Yodlee is a global online banking solution provider and data aggregator that is renowned for its security. Yodlee look after the data of banks across the world and power internet banking for leading banks across North America and other geographies. Yodlee is examined by the Federal Financial Institutions Council, a formal body established under U.S. legislation to set standards in relation to banks and their service providers, including Yodlee. Audits are carried out through the Office of the Comptroller of the Currency in the U.S. In addition, Yodlee are a Level 1 service provider to Payment Card Industry Security Standards Council (PCI) ; they are subject to certification requirements of the PCI and are monitored for compliance with the standards. Yodlee is also part of the EU Privacy Safe Harbor certification. If you would like to know more about Yodlee’s security standards, please read Yodlee's Security Policy and Yodlee's Security Compliance pages.
Yodlee have over 10 years experience of undertaking aggregation and money transfer services for large numbers of U.S. banks. Yodlee currently supports of over 35 million users and employs the best security measures to protect their data.
How do you protect my username and password?
Your personal information is entered through Secure Socket Layer (SSL), which creates an encrypted connection between your browser and our servers. This information is kept encrypted at all times.
Who has access to my account?
You create your miiCard account username and password and this information is only known to you. Keep this secure and do not share this information with anyone. No one at miiCard will ever have access to your password or will ever ask you for the information.
How is my account information protected during transmission?
The transmission of data is protected using industry recognised 128-bit encryption standards. Users' passwords are transmitted and stored in encrypted format at all times.
Where are my financial account credentials stored?
Your financial account credentials are stored on Yodlee's servers, which are securely housed in an Internet server hosting space that provides enhanced physical security, fire protection and electronic shielding. Security personnel monitor the system 24 hours a day, 7 days a week. Access to servers requires multiple levels of authentication, including biometric (hand print scan) procedures. miiCard never stores your financial account credentials.
What financial information does miiCard store?
miiCard stores summary data on your financial relationships. We do not store any transactional level detail or full account numbers/sort codes or anything that could be used to action a funds transfer from your account. miiCard is purely a read-only environment.
Protect your miiCard
miiCard strongly recommends you follow these security measures to protect your account:
- Keep your miiCard username and password secure and never share these details
- Make your password at least six alpha (upper and lower case) and numeric characters
- Change your password periodically
If you think that your username and password have been stolen or may have become known to someone contact change your password immediately and contact us at email@example.com.