Intuit Intuit HomeIntuit Products
Intuit OFX Connectivity
Welcome Visitor
Important Quicken Announcement
Direct Connectivity
Support Hot Topics
Connectivity Methods
Connectivity Comp
How to Get Started
Site Overview
FFIEC Guidance (MFA)
Auto Launch Program
Express Web Connect
Become a FI Partner
OFX providers
OFX Conversion Agreement
401(k) Connectivity
QuickBooks Software
Quicken Software
Company Information
Contact FI Support
Support Roadmap
Cheat Sheet
Conversion Information
Express Web Connect/Aggregation - Security and Privacy Information
At Intuit, we place the highest importance on respecting and protecting the privacy of our customers. We would like to share with you our information practices and other privacy aspects of our software products and services:
1. How does Intuit protect your customers' information?
2. How do I ensure the customers' information is secure at Intuit?
3. Why do you need customer's data, such as MFA questions and answers, to resolve an escalated issue?
1. How does Intuit protect your customers' information?
Intuit introduced a new download feature starting with Quicken for Windows 2007 which allows customers the option to automatically download account information, (including transactions, payments, and balances), from their financial institution (FI) directly into the Quicken software product using One Step Update. To do this, we require the customer's user name and password for their FI to access their online account. The financial information is transmitted using secure socket layer technology and encryption during transmission using 40-bit or 128-bit encryption to make sure the information is unreadable as it passes over the Internet. The user name and password are encrypted and are stored in our fire-wall protected servers. Our servers are located in a SAS 70 compliant data center, which means it has been independently audited and uses the same security standards and practices as the leading FIs. The downloaded financial information is stored in our firewall-protected servers and is securely transmitted directly to the desktop. Downloaded financial information is not used or shared for anything other than providing the customer with the update they have requested.

We may measure the total number of customers and frequency of usage of our download services. This information is anonymous and is used only in the aggregate. It does not contain any personal financial information and it is not linked to your individual information. We also periodically receive aggregated, anonymous general usage information from financial institutions or their processors, including which online services are used and the frequency of usage. These metrics help us to evaluate how we can improve our services and assist us with troubleshooting and technical support.
[Back to Top]
2. How do I ensure the customers' information is secure at Intuit?
The privacy and security of our customers' data is of the highest importance to us and we consider it key to maintaining customers’ trust. We employ industry recognized security safeguards to help protect the personally identifiable information you provide us from loss, misuse, or unauthorized alteration.
[Back to Top]
3. Why do you need customer's data, such as MFA questions and answers, to resolve an escalated issue?
The method used for the automated One Step Update is based on scripts and aggregation technology. There are instances whereby in order to fix the scripts, our Script Engineering team will need the customer's specific user information. We will exhaust all resources before asking for the customer's data. But if we do need the information, Intuit ensures the data is used solely for the purpose of fixing the issue and then properly discarded.

The Script Engineer solely uses the credentials to resolve the error. After the script is fixed, the Script Engineer deletes all credentials from the local machine and signs the Credential Management Security Log confirming deletion of credentials.

As a safe-measure, after we have completed our investigation, we encourage the customer to change their customer credentials to new data.
[Back to Top]