Cake’s #1 Priority is Protecting Your Personal and Financial Information
My name is Doug Reed, and I’m the Co-Founder and Chief Technology Officer of Cake. I have spent the last 10 years building large-scale and secure consumer financial services and almost 15 years as a software technologist. I want to take a moment to talk about our security.
In short: Cake takes a stance on security similar to the online banks and brokerage firms you already use and trust.
Have you ever used PayPal? I built PayPal’s credit card gateway with Wells Fargo, which continues to process around $2B in transactions like yours every month. Before joining Cake, I worked at Intuit, the maker of the popular finance software Quicken, where I was responsible for the integration between Quicken and QuickBooks and over 3,500 financial institutions. When one of the 10 million Quicken users imports their banking and brokerage information into Quicken, it happens on a system that I helped create.
I have spent most of my career protecting personal and financial information.
Now that Cake is live, I want to tell you what I and the team are doing to ensure you have the same confidence using Cake that you already do with PayPal and Quicken. Recently, I have received questions about our security practices and I wanted to provide answers on our blog so the entire Cake community can benefit:
Does Cake Use A Third Party To Aggregate My Brokerage Data?
No. We have built our systems ourselves. We do not use any third-party aggregation services such as Yodlee. That means when you link an account to Cake, the brokerage account credentials and data that you provide never leave Cake. When you delete your account, Cake does not maintain a record of your information unless required by law.
How Do You Protect My Brokerage Account Login Information?
Cake uses a 5-pronged strategy when it comes to protecting your personal, brokerage and portfolio data.
Physical Security:
Cake has its own dedicated hardware and server infrastructure. Cake’s data center provider is SAS-70 compliant.
Network Security:
Our network topology was developed based on my experience passing bank security audits at Wells Fargo and Intuit. Among our network security measures, Cake’s topology uses firewalls and encryption to protect our network.
Data Security:
Every piece of your personal and financial information receives a specific security classification: “public,” “restricted,” or “secret.” The definitions of these classifications are as follows:
- Public – No security restrictions (e.g., your screen name)
- Restricted – Only visible to you, the Cake member who owns that data (e.g., net worth, number of shares)
- Secret – Should not be disclosed (e.g., brokerage credentials)
After classifying each piece of data, we then attach specific security policies based on the classification of that data element.
We recognize the sensitivity of the brokerage credentials our users entrust to us, and those are designated as “Secret.” This means that we do not persist these in plain text and we do not display them within the application, even to you.
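The three-tier scheme described above can be enforced at the point where data is rendered. The following is an added illustration, not Cake's code: the field names, the record layout and the `render_profile` helper are assumptions made for the example, and the sample record is constructed.

```python
from enum import Enum


class Classification(Enum):
    PUBLIC = "public"          # no security restrictions
    RESTRICTED = "restricted"  # visible only to the member who owns the data
    SECRET = "secret"          # never displayed, even to the owner


# Hypothetical field names. Every stored field must be listed here.
FIELD_CLASSIFICATION = {
    "screen_name": Classification.PUBLIC,
    "net_worth": Classification.RESTRICTED,
    "share_count": Classification.RESTRICTED,
    "brokerage_password": Classification.SECRET,
}


def may_display(classification, viewer_id, owner_id):
    """Display policy attached to each classification."""
    if classification is Classification.PUBLIC:
        return True
    if classification is Classification.RESTRICTED:
        # Anonymous viewers (viewer_id is None) never match an owner.
        return viewer_id is not None and viewer_id == owner_id
    return False  # SECRET


def render_profile(record, viewer_id):
    """Return only the fields this viewer may see.

    A field with no classification raises instead of defaulting to
    public, so a newly added column cannot leak by omission.
    """
    visible = {}
    for name, value in record["fields"].items():
        classification = FIELD_CLASSIFICATION.get(name)
        if classification is None:
            raise ValueError(f"field {name!r} has no security classification")
        if may_display(classification, viewer_id, record["owner_id"]):
            visible[name] = value
    return visible


# Constructed sample record; the secret value is a placeholder.
SAMPLE_RECORD = {
    "owner_id": "member-1",
    "fields": {"screen_name": "cakefan", "net_worth": 125000,
               "share_count": 40, "brokerage_password": "<stored ciphertext>"},
}
```

Calling `render_profile(SAMPLE_RECORD, "member-1")` returns the public and restricted fields but never the credential, while any other viewer receives only the screen name.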
Application Security:
Cake has taken great care in our application development process to identify and prevent security vulnerabilities such as cross-site scripting and parameter tampering. Cake has engaged WhiteHat Security’s Sentinel, a comprehensive website vulnerability management system that conducts rigorous and up-to-date assessments of our application, scanning for both the OWASP Top 10 and WASC 24.
Internal Procedures:
All of Cake’s employees and contractors are bound by strict confidentiality agreements and only have access to data on a “need to know” basis. Cake employees also have a clear separation of responsibilities.
I am always watching, tightening and improving our systems to maintain your security and to earn your trust. If there are things that I can do better, please let me know by sending me an email to dreed@cakefinancial.com.





Posted by: Doug Reed
