Protecting Your Data
Our highest priority is keeping your financial data safe and secure. We use multiple layers of security, in every component of our systems, to keep your accounts and your personal information private.
We use strong security measures designed to provide only the authorised user access to personally identifiable information. Rather than just a login and password, we also verify who you are from a second source or with information only you will have, like special security questions or a code from a U2F security device or authentication app.
Your data is secured end-to-end using SHA-256 encryption. Only you can decrypt and view your data.
No individual working on the Marble Financial team can view your secure access credentials.
You must authenticate each device that accesses your account with our multi-factor authentication options. A user is only granted access after successfully presenting multiple pieces of evidence to an authentication mechanism that verifies the user's identity for a login or other transaction.
Marble Financial is analyzed and certified by prominent third party security services like Barracuda, Acunetix and other trusted professionals in online security.
Marble focuses on three main areas of security:
Our team manages a comprehensive program of risk-driven policies and procedures to maximize the information security, including guidelines and frequent audits. Our audits cover all aspects of the Production, Development, Staging, and Corporate environments as well as vendor relations and personnel management.
- Information Security
- Network Security
- Application Security
Accessing Your Data
There are mutiple layers of authorization required to access your data.
First, you will require the correct email account and password to log into your account at MyMarble.ca. Next, you will then be required to correctly answer two personal questions, if you are accessing the account from an unknown IP address for the first time. You can choose to bypass this step if you are accessing your account from a known IP address.
You have to option of using an additonal level of authorization using a wearable, multi-factor authenticator like the Nymi Band, or a similar FIDO U2F device that supports NFC touchless communication, so you can use the key with an Android device - the YubiKey NEO is such a device
You may also enable one-time password verification using using the Google Authenticator App (for iOS and Android) . Google Authenticator generates 2-step verification codes on your phone. With 2-step verification signing in will require a code generated by the Google Authenticator app in addition to your account password.