MoneyCenter Login
Security Overview
Request Security Data Sheet

Join Us At


Yodlee is committed to establishing and maintaining a comprehensive and dynamic security program for ourselves, our customers and our partners.

To achieve that commitment, Yodlee ensures that:

  • Confidentiality of corporate and customer information is protected
  • Integrity of information is maintained
  • Availability of information and processing resources is ensured
  • Regulatory and legislative compliance requirements are met
  • Security awareness training is provided to all staff to address the human factors of information security

Yodlee has adopted best practices for information security management aligned with leading principles, such as Defense in Depth, Least-Privilege and Role Based Access Control.

Yodlee's security model integrates our infrastructure, our applications and our processes to provide comprehensive layered protection. While our controls may change, the objectives remain the same, namely to provide a safe and sound environment for our clients' users to conduct transactions and manage their finances.

Some of Yodlee's security features are:

Infrastructure

  • Granular access controls and extreme Network Segmentation
  • Bastion Hosts for access to Production environments with multi-factor authentication and complete session capture
  • Highly resilient and secure Production architecture
  • Data encryption facilities optimized for storage and transmission
  • Security Information and Event Management (SIEM) - Security event correlation from authentication servers, infrastructure components and database activity monitors

Applications

  • Security certification required for all application releases
  • Integration with the Software Development Lifecycle
  • Automated and manual Source Code Reviews
  • Penetration testing at multiple stages of the code lifecycle from Alpha to Release Candidates
  • External Assessments of Production Environments
  • Secure coding training and assessments for all developer teams

Process

  • Comprehensive risk management program with assessment and mitigation tools tailored for specific risk domains
  • Information Security Program aligned with the ISO 27002 information security standard as well as FFIEC Technology Service Provider and applicable guidance
  • Internal and External Assessments, Audits and Exams
  • Policy-driven standards-based procedures and guidelines for Production operation