Our Security Policy
Your security is always our top priority. From using the most stringent and up to date security and privacy methods used by the world’s leading banks, to partnering with best of class technology partners, The ID Co. ensures your information is secured to the highest standard at all times.
Key Security Features
Strong Encryption: Communications are protected with strong encryption through Secure Socket Layers (SSL / https ) provided by Symantec VeriSign. We use certificates with Extended Validation (the green address bar) with a 128-bit minimum encryption individual to every user. This means that your data between you and our systems are protected at all times. Each users data is individually encrypted within our data store using industry standard AES 256 technology.
System emails: All system emails are generated automatically and no one at any point, including ourselves, has access to your login credentials. We will never ask you for this information.
Your money can't be moved: miiCard is a “read-only” application, which means it cannot be used for withdrawals, payments or to transfer your funds and does not store your financial transactions.
High level of security: We support the same, industry-standard security practices as your bank. It is top priority to make sure all your data is kept safe.
2-Step Verification: To access your miiCard account we require you to use 2-step verification, sometimes also called two-factor authentication. This means that you need a username, strong password and a mobile / cell phone to receive a one-time passcode by SMS when you create your account. Once in your account you can select your preferred method of 2-step verification - SMS, the YubiKey or Google Authenticator and you will need to use this every time you add, edit or share information in your account. Strict password policies and session management (with time limits) are also used to protect your account.
Security image: We add yet another level of protection to your miiCard account by providing you with a customisable security image that only you know the image and colour combination for. The image will always display on your account so you know to report a concern if the image has changed or does not display.
Protecting your Identity
How do you access my financial accounts?
The ID Co. partners with Yodlee to link your financial accounts to your miiCard account to verify your identity. When you use your online bank login details through our services this information is sent directly to Yodlee and never stored by us. miiCard operates in a read only environment and never stores your transactional level financial information.
Yodlee is a global online banking solution provider and data aggregator that is renowned for its security. Yodlee look after the data of banks across the world and power internet banking for leading banks across North America. Yodlee is examined by the Federal Financial Institutions Council, a formal body established under U.S. legislation to set standards in relation to banks and their service providers, including Yodlee. Audits are carried out through the Office of the Comptroller of the Currency in the U.S. In addition, Yodlee are a Level 1 service provider to Payment Card Industry Security Standards Council (PCI), they are subject to certification requirements of the PCI and are monitored for compliance with the standards. Yodlee is also part of the EU Privacy Safe Harbor certification. If you would like to know more about Yodlee’s security standards, please visit : http://www.yodlee.com/yodlee-security.
Yodlee have over 15 years experience of undertaking aggregation and money transfer services for large numbers of U.S. banks. Yodlee currently supports over 65 million users and employs the best security measures to protect their data.
How is my account information protected during transmission?
The transmission of data is protected using industry recognised 128-bit encryption standards. Users passwords are transmitted and stored in encrypted format at all times.
Where are my financial account credentials stored?
Your financial account credentials are stored on Yodlee's servers, which are securely housed in an Internet server hosting space that provides enhanced physical security, fire protection and electronic shielding. Security personnel monitor the system 24 hours a day, 7 days a week. Access to servers requires multiple levels of authentication, including biometric (hand print scan) procedures. miiCard never stores your financial account credentials.
How do you protect my username and password?
For miiCard account holders, your personal information is entered through Secure Socket Layer (SSL), which creates an encrypted connection between your browser and our servers. This information is kept encrypted at all times.
Who has access to my account?
You create your miiCard account username and password and this information is only known to you. Keep this secure and do not share this information with anyone. No one at miiCard will ever have access to your password or will ever ask you for this information.
What financial information does miiCard store?
miiCard stores summary and transaction data on your financial relationships. We provide financial transaction data in a read-only environment which is shared only with your full consent.
Stay Secure Online with these Tips
We strongly recommend you follow these security measures to protect your miiCard account:
- Check the address bar of your browser for the Symantec Verisign Extended Validation certificate identified by a green address bar when creating your miiCard account or logging into it
- Remember that miiCard will never email you asking for your password or secure credentials
- Set your security image and always check this when you access your miiCard account
- Keep your miiCard username and password secure and never share these details
- Make your password at least six alpha (upper and lower case) and numeric characters
- Change your password periodically
If you are concerned with the security of your account contact us at firstname.lastname@example.org immediately.