If you’re looking for an easy way to stay on top of your credit, Credit Karma is a valuable resource. Not only does it show you the latest inquiries on your credit file, your credit usage and your credit score, it’s also free to use.
Money expert Clark Howard is a big fan of using Credit Karma because it’s a vital tool in the credit freeze process due to its free credit-monitoring feature. Another great benefit is that the site teaches you how to improve your credit, he says.
But Team Clark gets a lot of questions around whether Credit Karma is safe to use. They want to know how secure Credit Karma is and what protections are in place to keep their financial information from falling into the wrong hands.
Is Credit Karma a safe site?
With the prevalence of data breaches today, it’s understandable why people might be hesitant to trust a free site like Credit Karma.
But that concern is largely unfounded, says cybersecurity expert Adam Levin, founder of cyber defense services firm CyberScout.
Levin told us that Credit Karma’s security is on par with other well-known financial entities in the United States, employing bank-level security.
“Credit Karma and Credit Sesame use the same primary source information as the credit reporting agencies. While they may not have the sheer quantity of data, they have the same quality from the same sources.”
“Bank level security is very impressive, and financial institutions have made themselves harder targets, but even mega-banks touting superior security have been compromised.”
What security measures are in place at Credit Karma?
Credit Karma itself touts some of the primary things they do to keep users’ data safe:
- The site uses 128-bit or higher encryption to protect customers’ info during data transmission.
- The site also has an external bug bounty program that rewards security researchers for finding and reporting security issues.
Credit Karma also says it regularly reviews its security program for compliance with ISO 27001, SOC Type I and II.
Service Organization Controls (SOC) are rigid accounting standards for reporting financial information. SOC 1 deals with requirements for secure information security management.
SOC II has to do with the operational aspect of an organization’s information security. It attests to security, process integrity and other privacy barometers.
What personal information does Credit Karma require from users?
Credit Karma asks for what some people might consider awfully personal information. To sign up, you need to provide the following:
- Full name
- Date of birth
- Last four digits of your Social Security Number*
Giving the last four digits of a Social Security Number is what gives many people pause. So why does Credit Karma need it?
The site uses your full name and the last four digits to your Social to match your identity to your Equifax and TransUnion credit files.
Credit Karma says in some cases they may need a person’s full Social Security Number to match it to the correct file.
The site says that it does not sell any of your personal information and that “we do not disclose Social Security numbers to third parties except with your consent, or where such disclosure is required or permitted by law.”
So, what’s the catch with Credit Karma?
Credit Karma is able to provide its services for free because it recommends its partners’ products like credit cards and other loans to users based on their credit profile, credit score and other personal data.
When someone signs up for one of those products, Credit Karma is compensated for playing the middle man in that transaction.
Credit Karma protects your information about as well as the big banks, according to our security expert. But you have to do what you can to protect yourself, as well.
Once you sign onto the site, you should opt to turn on SMS 2-factor authentication for added protection.
You can do this by clicking on Profile & Settings and then Security Settings:
Finally, if you have further concerns about security or privacy at Credit Karma, you can email them directly at [email protected].