Wealthsimple is one of Canada’s fastest-growing investment and wealth management platforms. But is Wealthsimple safe?
Founded in 2014, Wealthsimple now has over 2 million Canadian users. The company offers a robo-advisor service, a stock and cryptocurrency trading platform, a peer-to-peer money transfer service, and even a free tax-filing program. Of course, all of these services are prime targets for hackers and data thieves.
Below, I’ll outline some of Wealthsimple’s core security measures and examine what they’re doing to keep user data safe.
To create a Wealthsimple account, you’ll need to provide the company with personal details, including:
- Your legal name
- Your address
- Your residency status
- Your social insurance number (SIN)
- Your birthday
- Your estimated salary
By the time you complete your account and get everything set up, Wealthsimple has more of your personal information than your best friend. This is the case with almost every major investment platform, though, no matter what country you’re in.
However, it has led many to question how safe the platform is.
One of the first questions that come to mind is, “Does Wealthsimple sell my data?” This is a legitimate concern, as it’s become increasingly popular for social media platforms to sell user data (either directly or indirectly) to advertisers and even government agencies.
Wealthsimple is quite clear on this and states that “Wealthsimple does not sell any of our clients’ data.”
Additionally, Wealthsimple has implemented a number of security measures to keep its users safe.
Your Social Insurance Number (SIN) is a key component used to verify your identity and residency status. Without it, you won’t be able to create a Wealthsimple account.
Since Wealthsimple must adhere to strict tax-reporting rules, they’re legally required to collect your SIN to approve your account. Providing your SIN also verifies that you are, without a doubt, who you say you are.
If you’ve recently changed your SIN (after a name change, for example), you’ll need to mark the changes within your Wealthsimple account.
Wealthsimple is a relatively new platform. Often, fresh platforms are prime targets for hackers, as they’re more likely to have security loopholes. To date, though, Wealthsimple has never reported a major data breach or hacking attack.
If you scour through the web, you’ll find random instances of user accounts becoming compromised. However, these are almost always due to user errors or negligence and don’t reflect the Wealthsimple platform’s cybersecurity protocols.
One of the things I appreciate about Wealthsimple is the company’s transparency. They’ve implemented a number of security measures, which you can read about in full here.
Here’s a quick overview of how Wealthsimple keeps your account safe and secure.
One of the most basic security measures used by Wealthsimple is two-factor authentication (or two-step verification). This simple but effective protocol helps prevent unauthorized individuals from accessing your account by requiring users to verify new login attempts with a secondary device.
For example, if I try to log into my Wealthsimple Trade account on a new computer or a new Wifi network, I’ll receive a prompt asking me to verify that it’s really me. To verify that it’s me, I must request that a one-time code be sent to my phone via SMS or using a third-party authenticator app like Authy.
I’ll have a few moments to enter the code, after which the code expires, and I’ll have to repeat the process.
Although 2FA isn’t always foolproof (somebody could steal my phone, for example), it’s a good first layer of security that’s compounded by the following layers.
Whether you’re accessing Wealthsimple’s desktop platform or using the mobile app, all of the data that’s transferred between your device and Wealthsimple’s servers is encrypted with industry-standard 256-bit AES encryption.
To hack through this level of encryption using a standard brute-force attack with today’s top computers would take an estimated one billion years. To match the encryption key, a hacker would need to attempt 2256 different combinations, which would be impossible in a single lifetime.
Today, brute-force attacks aren’t as common due to the sheer impenetrability of modern-day encryption protocols. However, hackers are always looking to exploit loopholes within servers and web pages, which could compromise the platform’s security.
To combat this, Wealthsimple has a full cybersecurity team dedicated to protecting and reinforcing the platform’s data security around the clock.
Last but not least, Wealthsimple backs up all user data on external cloud servers. So even if a natural disaster occurred that wiped out Wealthsimple’s central servers, the data could be restored in a matter of days by accessing the backup servers.
Although Wealthsimple does its part to keep your data (and money) safe, the platform’s users should also follow basic personal cybersecurity practices to prevent their accounts from being compromised.
Public wifi networks aren’t always the most secure. Even though Wealthsimple’s website is secured with HTTPS encryption, a hacker could still gain access to your device and view loose information you have sitting around (such as passwords stored in a notebook file).
If you’re using a public wifi network, I recommend using a VPN like ExpressVPN. VPNs protect you by encrypting data shared between your device and the public wifi networks.
You never know who’s watching you. If you’re sitting in a busy cafe, a skilled hacker could visually log your keystrokes and memorize your login data. Taking it a step further, they could swipe your mobile device while you aren’t looking and use it to bypass Wealthsimple’s 2FA.
In general, it’s best not to access sensitive financial information and investment platforms while others surround you.
Passwords are regularly compromised and sold on the dark web. This is especially true if you use the same password for multiple sites (which you shouldn’t do). To ensure that your password is always safe and secure, you should try to change it at least once a month.
Today, the most common form of attack is a phishing attack. These typically come in the form of a text message or email that’s disguised as a legitimate message. Often, hackers will set up a fake lookalike site to mimic the landing page of a financial institution (such as a bank or investment platform).
Then, they’ll send users a message asking them to log into their accounts through the link to view an ‘urgent message’ or something similar. The only problem is that the site the user enters their personal information into is a fake site designed to steal their login credentials.
If you’re a crypto investor, then you’ve no doubt heard about the recent FTX scandal that resulted in many of the exchange’s users losing the crypto that they had held on the exchange.
Although I don’t recommend leaving large sums of money on any exchange, Wealthsimple Crypto users can rest assured that their investments are safely managed and stored offline in cold storage by Gemini and Coinbase Custody, which serves as Wealthsimple Crypto’s custodial agency.
Wealthsimple is 100% regulated by the Investment Industry Regulatory Organization of Canada (IIROC), which oversees trading platforms. Additionally, Wealthsimple Trade is protected by the Canadian Investor Protection Fund.
As a final layer of security, Canadian ShareOwner Investments Inc serves as the custodial broker for Wealthsimple. This means that even if Wealthsimple were to go bankrupt, its users’ investments would still be safe.
If you’ve recently joined Wealthsimple and made a deposit on your trading account, then you may not be able to take all of your money out of your Wealthsimple account. While this may cause alarm, it’s just a routine procedure.
Whenever you deposit funds into your Wealthsimple account, it may take up to five days for the bank to process the transaction. While your Wealthsimple account may reflect your deposit, the total amount may not be accessible for withdrawal until the bank completes and verifies the transaction.
Although it’s a newer trading and investment platform, Wealthsimple is committed to keeping its users’ data secure. To date, there have been no major hacks, and Wealthsimple has implemented encryption protocols and two-factor authentication and has a dedicated cybersecurity team to keep its servers secure.
Are you ready to start trading? Keep on reading to see how you can get $25 for free when you sign up for Wealthsimple Trade!