Your data’s security is top of mind for us
Our security team is dedicated to protecting your data using industry-leading security practices, anticipating threats before they emerge, and embedding security into everything we do.
How NerdWallet protects your data
Encrypted data at every step
Your sensitive data is protected with advanced encryption during transmission and at rest.
Trusted partners
Vendors with access to user data undergo a security review process designed to ensure they meet security standards.
Multi-factor authentication
We utilize Multi-Factor Authentication (MFA) to provide your data with an extra layer of security.
24/7 security monitoring
We deploy monitoring processes and tools that are designed to protect your data.
Vulnerability disclosure program
We work closely with Security Researchers to identify and fix vulnerabilities as soon as possible.
Security audits and testing
We embed regular audits, security testing, and penetration testing processes into our development process to help identify and fix vulnerabilities.
Network security
Our networks are protected by Firewalls, VPNs and Intrusion Detection Systems.
Security-minded Nerds
Our team receives regular security awareness training designed to limit our vulnerability to social engineering attacks.
FAQ
Yes, all data is transmitted over encrypted channels from the customer and our partners to us with industry-standard encryption. Sensitive fields are identified by our privacy team, and receive additional scrutiny. Teams work with our security team to ensure that all the necessary protections are in place.
Our Privacy Policy contains the most comprehensive response to this question. However, at a high level, we generally share your data with your consent, unless we are required by law to do so, or the sharing in question is required for our legitimate business interest or for purposes of enforcing our rights.
Customers can sign up with their Apple login, Google login, or a username and password saved at NerdWallet. Multi-Factor Authentication (MFA) is required to add a layer of protection to your account by preventing malicious attackers from taking over your account without your knowledge.
Please contact us immediately.
We complete yearly third-party penetration testing, and regularly engage an independent third party to find and remedy any issues. Also, we routinely take steps to look for vulnerabilities in our applications using our internal testing processes.
We enhance our consumer account monitoring with Bot and AI detections, brute force protections, and breached password prevention. Our third-party risk monitoring protocol responds to vendor incidents in the same manner we would respond to internal incidents.
We utilize a third-party service that monitors for changes on the platform and targets those changes as they are released. We couple this with our internal penetration testing team and vulnerability disclosure program to further harden our infrastructure.
NerdWallet does not process your credit card payments or transactions. If you suspect something is wrong with your credit card, please reach out to your financial institution immediately.
Employees are required to complete regular security awareness training and engineers are required to complete quarterly security training. Access to customer data is granted in a manner consistent with NerdWallet’s Privacy Policy.
Yes. NerdWallet typically responds to Data Subject Access Requests within the time period provided by law. You can also see our updated Privacy Policy to find information about how we collect, use, disclose, and otherwise process personal data.
Please reach out to our Customer Support team at [email protected] for help.
You can report it to our vulnerability disclosure program on HackerOne.