When it comes to the security of your account, our data center, SunGard, is securely staffed around-the-clock by certified engineers. In addition to the many layers of security, power, environmental and network redundancy at SunGard, we maintain three layers of storage for user data:
All of our customer-facing systems are housed in an SSAE16 Type II facility, and physical access is gained only after passing multiple layers of access restrictions (ID, fingerprint, passcode, etc.). All physical access is logged. All access over the Internet is done over SSL using High Grade encryption. Our systems are protected by firewalls, and all requests are examined to prevent SQL injection, cross-site scripting and other types of attacks. Application access to the databases is mediated by an API layer that further protects customer data. Accesses are logged to a centralized logging system, and the logs are examined in real time for unusual activity by an automated system.
The security measures we’ve implemented, while reasonable and customary to ensure the security of account login credentials and data such as names, email addresses, birthdays, etc., don’t meet the standards required by PCI, HIPAA or FERPA. You shouldn’t store Personally Identifiable Information in your account that could be used for identity theft, such as a member's full name in combination with a Social Security number, driver's license or identification card number, or financial, credit or debit card number.