We encrypt all your credentials and separate them from your personally identifiable information. To retrieve your transaction history, your details are automatically decrypted, used for the retrieval, then immediately re-encrypted. We at Moneyhub don’t store any of your login credentials, including passwords.
Moneyhub is a read-only service, so if your Moneyhub account should fall into the wrong hands (for example if your phone is stolen and hacked) no one can make any transactions from your account. In addition to this, to access your Moneyhub account you must provide a PIN code, password or Touch ID to log in each and every time.
Our data aggregation partner
We use an aggregation partner, Yodlee, to retrieve your bank data so that you can see all your transactions come through to the same place. We have chosen to work with Yodlee because they:
- Are supervised by the US Banking Regulators (a body similar to the UK’s Financial Conduct Authority).
- Provide a trusted service to more than 850 organisations throughout the world, including 11 of the 20 biggest banks in America.
- Have a proven 16-year track record of keeping user information safe and secure.
How we are regulated
Moneyhub is a trading style of Moneyhub Financial Technology Ltd, which is authorised and regulated by the Financial Conduct Authority (FCA). We are also entered on the Financial Services Register (FRN 561538) at fsa.gov.uk/register and Moneyhub Financial Technology Ltd is registered in England and Wales no. 06909772.
We have certified ISO-27001 information security procedures. This is the same certification used by Google, Microsoft and Amazon. It is an internationally recognised standard that sets out the requirements for firms establishing and maintaining a robust information security management system. It also provides assurance that a firm with accreditation has implemented processes and controls that are secure and have been through rigorous audits and assessments. The certification also demonstrates that we as a company have adopted a proactive rather than reactive approach to managing our consumers' data security.
This means we adopt these processes:
- A specialist Financial Service compliance team check processes on a monthly basis.
- A comprehensive risk tracker maps information asset risks back to a series of internal controls.
- The principle of least privilege is applied throughout the organisation. This is the limiting of access to the minimal level that will allow normal functioning. Staff have the lowest level of user rights that they can possibly have while still being able to perform their tasks.
Our security procedures
We develop the software according to secure engineering principles based on the National Institute of Standards and Technology, Technology Administration, US Department of Commerce - Special publication 800-27 Rev A.
Moneyhub Enterprise software teams undergo regular security awareness training and have a continual threat modelling system in place for the software.
Regular penetration tests are carried out to ensure that the system is protected against vulnerabilities, and we use best practices and open standards to ensure that we protect against common attack vectors. Notably, we use the OAuth 2.0 and OpenID Connect standards to enable token-based authorisation for all our internal services, ensuring that we don’t rely on perimeter security alone.
Access to the live system is available only to a small number of people. Any access is done via secure channels.
Our security protocols and techniques
Many of our users find that Moneyhub helps them spot suspicious activity and fraud through frequently checking their finances and categorising their transactions.
How we help our customers with their security
The Financial Conduct Authority (FCA) has released some information on your rights as a consumer who shares your information with a third party application, such as Moneyhub. The following is an excerpt from this information:
"Your banking terms and conditions should not prevent you from sharing your credentials with regulated AIS or PIS providers. Your bank cannot hold you responsible for unauthorised transactions just because you have shared your credentials with AIS and
To see more please visit the FCA website here.