At Intuit, we place the highest importance on respecting and protecting the privacy of our customers. We would like to share with you our information practices and other privacy aspects of our software products and services:
1. How does Intuit protect your customers' information?
Starting with Quicken for Windows 2007, Intuit introduced a new download feature that gives customers the option to automatically download account information (including transactions, payments, and balances) from their financial institution (FI) directly into the Quicken software product using One Step Update. To do this, we require the customer's user name and password for their FI to access their online account. The financial information is transmitted using Secure Sockets Layer (SSL) technology with 40-bit or 128-bit encryption so that the information is unreadable as it passes over the Internet. The user name and password are encrypted and stored on our firewall-protected servers. Our servers are located in a SAS 70 compliant data center, which means it has been independently audited and uses the same security standards and practices as the leading FIs. The downloaded financial information is stored on our firewall-protected servers and is securely transmitted directly to the desktop. Downloaded financial information is not used or shared for anything other than providing the customer with the update they have requested.
We may measure the total number of customers and frequency of usage of our download services. This information is anonymous and is used only in the aggregate. It does not contain any personal financial information and it is not linked to your individual information. We also periodically receive aggregated, anonymous general usage information from financial institutions or their processors, including which online services are used and the frequency of usage. These metrics help us to evaluate how we can improve our services and assist us with troubleshooting and technical support.
2. How do I ensure the customers' information is secure at Intuit?
The Intuit servers are hosted at two SAS 70 level facilities at NCR. Statement on Auditing Standards (SAS) No. 70, Service Organizations, is the authoritative guidance that allows service providers to disclose their control processes to their customers (and their customers' auditors) in a uniform reporting format. A SAS 70 audit reports on the effectiveness of internal controls at service organizations. Our NCR facilities are at two eCommerce Data Centers (Columbia, MD and Columbia, SC) and one Disaster Recovery Hot Site (Dayton, OH).
3. Why do you need a customer's data, such as MFA questions and answers, to resolve an escalated issue?
The method used for the automated One Step Update is based on scripts and aggregation technology. In some instances, our Script Engineering team needs the customer's specific user information in order to fix the scripts. We will exhaust all other resources before asking for the customer's data. If we do need the information, Intuit ensures the data is used solely for the purpose of fixing the issue and is then properly discarded.
The Script Engineer uses the credentials solely to resolve the error. After the script is fixed, the Script Engineer deletes all credentials from the local machine and signs the Credential Management Security Log confirming deletion of the credentials.
As a safety measure, after we have completed our investigation, we encourage the customer to change their credentials.