Security

We Strive to Provide the Safest Environment Possible for Our Customers

Symantec SSL Encryption

ssl-iconThe myFinancialAnswers website uses Symantec (formerly VeriSign) Secure Site Pro SSL Certificates with a minimum of 128-bit encryption, and – when participants’ web browsers support it – up to 256-bit encryption.

Physical Security of Your Data

The myFinancialAnswers (MFA) software uses the same security measures that Intuit uses, which include:

  • Your login information for financial institutions is saved in SSAE-16 complaint data centers.
  • All access is strictly controlled and logged.
  • Each endpoint part of a transaction has security measures that ensures message integrity and protects the message from being read by eavesdroppers.

servers

On our servers, we have firewalls that avoid access from any unknown addresses, ensuring that only the MFA website can access our database.

Our databases are automatically backed up every day.

Electronic Security of Your Data

When you access your data on the myFinancialAnswers server, any personally identifiable customer information (PII) is encrypted before traveling over the internet using the Secure Socket Layer (SSL) protocol.

The only sensitive PII data that MFA collects is your date of birth.

In the database, your password and other sensitive information is encrypted using the BCrypt algorithm and in order to get the best of it we enforce the use of a password with more than 8 characters.

Additional Protections

MFA limits the ability of someone else from associating your sensitive information with a particular data source. The only required information is your birth date, state of residence and email address.

MFA needs your birth date and state of residence for retirement and tax calculations. Your email is required for communication purposes.

Please remember: your user ID and password allow you to access the information you have entered in prior sessions. It is important that you:

  • Choose a password that is not obvious
  • Protect your User ID and password from unauthorized discovery or use.
1) Statement on Standards for Attestation Engagements (SSAE) No. 16 is the authoritative guidance that allows service providers to disclose their control processes to their customers (and their customers’ auditors) in a uniform reporting format. SSAE-16 audit reports on the effectiveness of internal controls at service organizations.