MyChange utilizes “bank grade” security programs and is built with America’s most trusted financial technology, working with all of the largest banks, 9,000 smaller financial institutions and millions of consumers. Our financial partner meets the highest standards in data security, privacy, and regulatory compliance and maintains comprehensive security procedures, policies, controls, and reviews across every aspect of their technology.
We do not typically receive any information from data providers that is considered personally identifiable information (PII) under the relevant regulations. As a precaution, all sensitive information is encrypted, and decryption is only possible with dedicated hardware in our private network. Private keys are split and stored securely via both hardware and software encryption on a set of physical devices held by a small group of key custodians. A strict rotation schedule is maintained for all encryption keys.
Separate access controls are utilized for each security layer, and multi-factor authentication is required for any and all access to the financial infrastructure.
Access to servers and infrastructure is logged and audited regularly with immediate alerts for changes in access patterns or file modifications. Strict control of inbound and outbound access is applied at all levels of the network. All infrastructure is scanned and patched regularly to reduce the risk of known vulnerabilities.