The essence of security is defense in depth -- employing multiple levels of security of different types. A real-world example is the ATM. You need both your card and your PIN to get cash (this is known as two-factor authentication). If someone steals your wallet and gets your ATM card, they don't have your PIN. And if someone else shoulder-surfs your PIN, they don't have your card. Either way, you're safe.
Similarly, at Personal Capital we deploy multiple security systems and processes simultaneously, for extra assurance.
We use two-factor authentication when you sign in to our site: (1) verifying your password and (2) identifying the computer you're using. If someone steals your password and tries to use it from a different computer, they cannot get in. When you sign in from a different computer, we use an "out-of-band" verification to your email or your phone to make sure it's really you.
Firewalls and Perimeter Security.
Our data centers are protected with numerous perimeter and internal systems designed to prevent penetration and monitor for suspicious activity. These data centers operate under stringent financial and international security standards, including payment card industry compliance (PCI DSS Level 1) and ISO 27001 certification, placing information security under explicit management control.
We encrypt your credentials and personal data with military-grade encryption algorithms -- 256-bit AES, to be specific. Even if someone could penetrate the data center, your data would remain secure.
Not only do we persistently monitor activity, we let you do so as well. We'll send you a daily email containing every transaction during the last 24 hours in all your linked accounts -- bank, broker and credit card accounts. Every morning just take a quick peek and confirm that all the activity was yours. It's a great way to catch any problems -- like bogus credit card charges -- right away.