What Encryption Means for Your Financial Security

Encryption and hashing are mechanisms used to conserve your data’s confidentiality and integrity, so that your secrets are kept secret when you send them to us and our servers.

What Encryption Means for Your Financial Security

You have secrets. They could be passwords, credit card numbers, or even your social security number (SSN). In this digital age, sometimes you have to share those secrets with specific companies, like your financial providers.

Encryption is a way to help ensure the confidentiality of a communication between you and the intended recipient, allowing you to share your secrets with that recipient—and no one else.

The Problem

When you send a message on the internet, it passes through infrastructure maintained by different corporations and people. These parties include people sharing your Wi-Fi network, your employer, and your Internet Service Provider (ISP)—and any one of them could potentially read your messages.

When you sign up with Betterment, you must provide your SSN. If we were to send the digits of your SSN over the internet without using encryption, your secret could be exposed to any one of the parties that exist between your computer and our servers.

The Solution

Fortunately, the problem has already been solved. We use encryption to prevent unauthorized parties from reading your data. To encrypt a message, your computer uses a secret encryption key to “jumble” letters in a specific way into what is known as ciphertext.

Only those with the appropriate decryption key are able to turn the ciphertext message back into a meaningful one in the form of plaintext (i.e., your original unencrypted message). The keys are shared between the two parties through a secure key exchange protocol.

Encryption makes it significantly harder for anyone besides you and your intended audience to be able to read your messages, since they would not have the secret key necessary to decrypt your message.

For example, instead of sending your SSN, your computer sends the encrypted version of your SSN, which is also encoded to prevent transmission errors and would look something like:


To anyone able to view the above ciphertext in our SSN example, the message is a meaningless sequence of characters.

Our servers are the intended recipient and have the appropriate decryption key, so we can actually read this and turn it back into the original plaintext message, which is your actual SSN.

Flowchart showing encryption and then decryption of a secret

Betterment helps keep your account secure.

At Betterment, we handle many secrets. We use encryption, among other security procedures, to help ensure the confidentiality and integrity of data in transit between your device and our servers.

When you log in to your Betterment account on your web browser or mobile app on an untrusted network, such as a coffee shop with an open Wi-Fi network, your communication with Betterment is encrypted. Hence, it cannot be read by anyone snooping on your communications via the open network.

Once we receive your data, we store some of it when necessary so that it can be made available to you the next time you access your account. Encryption is used internally within our systems to safeguard the secrets you’ve entrusted us with. Any of your secrets that need to be stored on our servers are first encrypted, and then stored in ciphertext form. The original secret itself is never stored in plaintext form.

Secrets should stay hidden, even to us.

In some cases, we don't need the ability to read or know the actual value of your secret. Take passwords, for example. A password is used to authenticate you under the assumption that it is something only you know, and no one else knows. When you try to log in to your Betterment account, we only need to verify that the password you entered when logging in matches the one you entered when creating your account.

How can we compare the two values without actually looking at your password? Enter hashing.

Hashing algorithms are used when we want to store a secret, but we do not need the ability to decrypt it. For example, your passwords are hashed. This process turns them into an unreadable sequence of characters, called a hash. Unlike encryption, hashing can’t be reversed. Given a hashed message, you cannot retrieve the input that generated the message.

When you log in, the password you entered goes through the same hashing algorithm used when you set up your account. The hash of the password you just entered is compared to the hash we have on file from when you registered your account.

If the hashes are the same, then you’ve entered the same password. We can therefore allow you to log in without ever storing your actual password—only the hash.

Flowchart that shows process of checking to see if hashed messages match

Please note this article’s purpose is to explain some of the core concepts behind securely storing secrets, and as a result it presents a simplified view of complex technical processes.

We're here to help.

Have questions about how to keep your account safe? Feel free to reach out to us. We’re always happy to help. We have a dedicated security team working for you and are happy to answer any questions you might have.