Security

How To Keep Your Financial Data Safe Cybersecurity threats are now the norm. Here's how we work with customers to protect their financial data. When it comes to protecting your financial information, the biggest threats are the most obvious: spam calls, phishing emails, and questionable messages. Scammers are constantly developing new, more devious ways to steal your personal information.  With software, they guess millions of passwords per second. They scrape your social media accounts for personal information to manipulate you or your friends. But most of all, they’re counting on you to let your guard down. Here are four ways we can work together to protect your financial data. Caution is your first line of defense If a phone call, email, or message seems fishy, it probably is. Would your bank really ask for your account number over the phone? What comes up when you Google the number? The IRS says they don’t email or text message people, and they’ll never ask for your personal information—so is that really them in your inbox? Why does that link have random characters instead of a URL you recognize? Is that the correct spelling of that company’s name? Don’t ever share personal information unless you’re sure who you’re sharing it with. And make sure that other people don’t have access to your passwords or login information, and you’re not reusing passwords on multiple sites. Two-factor authentication helps secure your account using a passcode that rotates over time, or one that you receive via text or a phone call.   Encryption is essential Any time you access a website or use an app, your device communicates with a server. With the right expertise, someone could hijack these communications and steal your information. Encryption prevents this. Encryption takes these sensitive communications and jumbles them up. The only way to un-jumble them? A key that only your device and the server share. It works like this: When you access Betterment, your connection is encrypted. But if you’re ever visiting a third-party site and don’t see the padlock in the browser bar, your connection is not secure. Don’t share any information on those sites! Hashing hides your information—even from us! We don’t need to know your password. That’s a secret only you should know. So, we use a technique called “hashing” to let you use it without telling us what it is.  Like encryption, hashing uses an algorithm to turn information (like your password) into an unreadable sequence. But unlike encryption, hashing is irreversible. There’s no key to decipher it. We can’t translate the hashing to read your password. However, every time you enter your password, the hashing algorithm produces the same sequence. So we don’t know your password; we just know if it was entered correctly. App-specific passwords let you securely sync accounts Odds are, between all your investments, savings, payment cards, budgeting apps, and financial assets, you use more than one financial institution. That’s OK. But if you’re trying to get a more complete picture of your financial portfolio and see what you have to work with, it helps to have a single, central account that can see the others.  Today’s technology makes it easier than ever to sync external accounts. But if you’re not careful, connecting them can make your financial data more vulnerable. To provide a middle ground between complete access and maximum security, Betterment uses app-specific passwords to sync your external accounts.  Let’s say you want to sync your Mint account with Betterment, for example. Mint can generate a separate password that gives Betterment read-only access to your Mint account. You’re not sharing your login credentials, and it won’t give you or anyone else the ability to change your Mint account from within Betterment. But you can still see the information you need to make informed decisions about your money.

How Betterment Keeps Your Investments Safe Betterment uses a variety of protections to secure your investments and your overall account. Here’s the security you get with us. When you choose to invest it with us, that’s a responsibility we don’t take lightly. At Betterment, we’re proud to have a variety of protections in place to secure your investments and your overall account. In this guide, we’ll: Walk through our safety measures Talk about how two-factor authentication keeps your account secure Define SIPC insurance What safety measures does Betterment take? Betterment goes to great lengths to help keep your assets secure. Betterment is a regulated entity, and registered with the Securities and Exchange Commission (SEC) as an investment adviser. Many aspects of our operations, and all aspects of our advice, are subject to the SEC’s oversight. We make it easy to verify your investment holdings At Betterment, we believe in transparency. You can not only own independently-verifiable securities from companies like Vanguard and iShares, but you can view your precise positions in these investments at all times. Just log into your account from any device to view your previous day’s performance. Every day and after every trade, we disclose the precise number of shares of every ETF in which you’re invested. Our policy of transparency also extends to our dividends reports and tax statements. We not only show the transactions made on your behalf, but we also list each fractional share sold and the respective gross proceeds and cost basis for each. We regularly undergo review by the SEC and FINRA Betterment LLC, our SEC-registered investment advisor, provides investment advice and discretionary management of your account. Betterment’s affiliate, Betterment Securities, provides custody and execution services for Betterment’s client accounts. Betterment Securities is both a carrying and introducing broker-dealer registered with the Financial Industry Regulatory Authority (“FINRA”) and a member of the Securities Investor Protection Corporation (“SIPC”), whose sole purpose is to service Betterment’s clients and carry accounts that Betterment manages. Betterment Securities maintains books and records for all our customers' assets, and regulatory agencies routinely review those records. For example, Betterment is subject to rule 206(4)-2 of the Investment Advisers Act of 1940 (the “Advisers Act”), which means we receive an annual surprise exam from an independent public accountant. We never know when it’ll happen. They just show up unannounced. The auditors verify our internal books and records. They reconcile every share and every dollar we say we have against our actual holdings. They spot check several hundred random customer accounts. They contact customers to verify that the account statements we issue match our internal records. And they ask questions if anything is even a penny off. But don’t just take our word for it! You can verify their audits yourself. Our partner clearing brokerage firm also keeps its own records of all of the assets we manage for our clients, and we reconcile our records to our clearing firm’s reports on a daily basis, providing an additional independent source of verification. We also undergo regular, rigorous, independent examination, both by the SEC and by FINRA, to ensure that we properly maintain our customer records and satisfy our capital requirements. Our regulators scrutinize our revenues, expenses, and available capital on a monthly basis. Three separate annual audits by our independent public accountants verify the adequacy of our financial condition, the safety of our operational controls, and the safekeeping of customer assets we custody. Each examination ensures that our records match up with the independently available records from our clearing firm. We never commingle funds No matter what investment adviser or brokerage firm you use, they should never mix your money with their firm’s operational funds. At Betterment, our operational funds are always 100% separate from customer funds held by Betterment Securities. Customer funds are kept apart by numerous firewalls—both digital and human-supervised. We built our software from the ground up to make any sort of commingling impossible, automating all of our trading and money movement. We also avoid risky financial operations that some other retail brokers engage in, such as proprietary trading with operating capital, or lending out customer assets. We only do one thing: manage your money. How does two-factor authentication keep your account secure? One of the most important ways we protect your investments is by making it difficult for someone else to gain access to your account. Passwords are notoriously easy to crack. That’s why our Betterment engineers implemented two-factor authentication across retail client accounts, simplifying and strengthening our authentication code in the process. As a side note, certain Advised client accounts and 401(k) participant accounts through our Betterment at Work offering don’t require mandatory 2FA at this time. Two-factor authentication (2FA) adds an extra level of security by requesting two separate pieces of evidence to verify a user’s identity. You’ve likely come across it before. Have you ever entered your password in an app or website, then been instructed to type in a code that was texted to your phone? That’s one form of two-factor authentication. Such text-based verification codes are actually less secure than some other forms of 2FA, but any form of 2FA is exponentially more secure than a password alone. At Betterment, we offer two forms of 2FA: The text-based verification codes you’re likely used to More secure time-based one-time passwords (TOTP) using an authenticator app like Google Authenticator or Authy While we hope you’ll consider taking advantage of the extra security that comes with TOTP, either form of 2FA will help keep your account well-protected. What is SIPC insurance? Much like other forms of insurance, the Securities Investor Protection Corporation (SIPC) provides a safety net in case of emergency. Betterment Securities, our affiliated broker-dealer, is a member of SIPC. Health insurance exists to cover your medical needs. Car insurance helps you get you back on the road after an accident. And SIPC insurance protects your investments in the event of a worst-case scenario such as brokerage firm insolvency, covering up to $500,000 of missing assets (securities and cash), including a maximum of $250,000 for cash claims. But unlike most insurance, you don’t have to seek out and pay for SIPC on your own. All brokers—including Betterment—are required to be SIPC members. SIPC insurance only protects against missing securities. It does not cover losses due to market volatility. How SIPC Insurance Works The $500,000 coverage limit applies individually to legally distinct accounts. If you have a taxable account, an IRA, and a trust, each one is eligible for its own $500,000 of coverage. And that coverage applies to what’s missing, not to the overall balance. Let’s say you have accounts with three different brokers, and each account holds $2 million in assets. Each of those accounts is covered separately by SIPC, up to $500,000. If one of those brokerage firms were to go bankrupt, a judge would appoint a trustee to sort through the broker’s books and distribute assets back to you and other clients. Here are some possible outcomes, with specific numbers to illustrate: The trustee recovers your original assets (your $2 million) from the insolvent broker-dealer. You are made whole and experience zero loss on your account. SIPC is not involved in this scenario. The trustee only recovers $1.5 million of your assets. The remaining $500,000 is covered by SIPC insurance, and you are made whole. The trustee only recovers $1 million. You are covered by SIPC insurance for $500,000 of the missing amount, but you incur a partial loss for the remaining $500,000. Why it’s unlikely you’ll need SIPC As important as this protection is, chances are, you won’t actually need it. Custodian broker-dealers are required to undergo a series of regulatory safety checks and audits everyday and report any problems. This elaborate set of guardrails helps ensure that SIPC remains a last resort. For example, brokers must segregate their own assets from their clients’ assets. If this segregation is properly maintained, account holders should be made whole in case of firm insolvency—no matter the account size. Brokers must also closely monitor their net capital cushion, providing similar protection. Because of all this, SIPC proceedings are very rare. Since the organization was established in 1971, there have only been 330 proceedings out of approximately 40,000 SIPC brokers. In the first four years, 109 proceedings were initiated, and since then, no year has had more than 13. Secure your investments with Betterment All investing comes with some risk. But your risk should be based on the market, not your broker. We can’t control every up and down of the market, but we can and do take every precaution to keep your assets secure. Betterment employs principles of transparency, simplicity, and verification from the ground up to provide you with state-of-the-art security. As a major financial institution, we’re required to keep a large capital cushion, maintain our own records, and undergo extensive examination by regulators and public accountants. But we never put our financial cushion at risk, and we never let customer assets out of our hands. That's why you can trust us to keep your investments safe.