The U.S. Financial Literacy and Education Commission released a report in 2019 outlining how institutions of higher learning must be at the forefront of providing financial literacy to students.1

The report provides best practices for providing financial literacy, such as:

  • Providing timely, personalized financial information to students, especially concerning student loans
  • Engaging students in financial literacy so that they can use the information to make smart financial choices
  • Preparing students for their financial future after graduation

Colleges and universities are heeding this call by investing in student financial wellness programs. The best programs are holistic, offering a range of interactive courses, multimedia, and tools

However, just as importantly, institutions of higher learning also need to consider financial wellness platform security.

Your students, and their parents, are concerned about what happens to their private information. If the users of the platform aren’t comfortable with its security, they aren’t likely to participate – and without participation, students will continue to graduate without the financial knowledge they need

Defining Information Security

You may know information security by its more common name of data security. Information security, or infosec, practices are those that keep personal data safe from those who are not authorized to see or use it. Infosec is typically divided into four areas. 

  • Confidentiality
  • Availability
  • Integrity 
  • Resilience

Although integrity (keeping data from changing) and resilience (keeping platforms safe from attack) are important, when it comes to financial wellness platforms, confidentiality and availability should be the focus. Student data should only be available to authorized users and used for authorized purposes.

The top five security issues to consider when choosing a financial wellness program are:

1. Linked Accounts Are a No-No

Linking outside accounts to financial wellness programs makes students uncomfortable. Here’s why:

  • Data breaches are constantly in the news: In 2020, the Identity Theft Resource Center2 reported 1,108 data breaches affecting over three million individuals.
  • Each time a student shares financial or other personal data, it increases the likelihood of having data stolen.  
  • Larger financial institutions warn consumers not to provide third-party access to financial accounts. Some now warn that fraud based on linked accounts will be the responsibility of the consumer, not the financial institution.

This may be why CBInsights3 found that retention for personal financial apps that link bank accounts is low. One day after accessing the app, retention is just 23 percent. Thirty days later, retention is less than 6 percent.

2. Hackers Can Assemble De-Identified Data

Financial wellness platforms, even those that aren’t linking outside financial accounts, store personal user data. This data is stored to allow for program personalization (students get more information on student loans than retirement) and to allow platforms to create usage and engagement reports. Data can include:

  • Name, if the platform uses the same login information as the school’s website
  • Birthdate
  • Year in school
  • Major
  • Income
  • Debt
  • Goals
  • Student loan amounts

This data is de-identified, meaning that if a hacker got the information, a student’s name and income would not be linked. However, hackers have learned how to reassemble information and could potentially use this information to steal a student’s identity. 

3. Colleges are Targets for Hackers

Hackers love data collected by colleges and universities. Such data includes personal information from full names to social security numbers, health information, and even financial information such as credit card numbers and loan information.

Even though institutes of higher learning have security protocols, there are still several factors that make them an easy target:

  • Half of education-vendor websites are not adequately secure3
  • Students are less likely to know how to safeguard their personal data
  • Emails from administration often contain personal data
  • Wi-Fi is shared by school administration as well as students

4. Students Create Poor Passwords 

Students, and people in general, are not good at creating passwords. Even though students should use a combination of upper and lower-case letters, numbers, and symbols, many students create passwords that are easy for them to remember, which often makes them easy to crack. 

5. Data is Sold for Marketing 

Some financial platforms, especially those that are free to use, make money by selling user data to companies that want to market their products. For instance, if a student read an article on renter’s insurance, the student would soon be bombarded with renter’s insurance quotes. 

As long as financial platforms are upfront with their policies, this is a legal practice. However, students will be less likely to use a financial wellness program that doesn’t keep their information private.

Finding a Secure Platform

When considering financial wellness platform security, start by examining:

  1. The security track record: Look for a company that has partnered with large institutions that have strong security protocols. The platform would have to pass checks for security compliance.
  2. Use of externally linked accounts: iGrad does not ask students to link to external accounts, thus reducing the likelihood of identity theft and fraud.
  3. Data identification: Data should be saved so that it is not identified with specific students. iGrad uses data to create a personalized experience and provide colleges with usage reports, but no individually linked data is stored.
  4. Data privacy: Ask to see data usage policies and avoid those that sell user data. iGrad never sells user data of any kind.

Students want to know that they can trust their school with their data. That’s why addressing data concerns is essential as you help students become financially well. 



1 -

2 -

3 -