Yes, Credit Karma is safe. In fact, the notion that it’s a scam is laughable. Not only is Credit Karma a real website with a solid reputation, but its services are also free to consumers, with no credit card required. Besides, the word “scam” connotes fraudulence, deception and financial swindling – none of which Credit Karma directly or intentionally partakes in.
Sure, some people will inevitably “kill the messenger” for bearing bad news about their credit health and thus complain about the company itself. But that’s to be expected of a company that deals in free credit scores and consumer data. And based on user reviews, Credit Karma has a rating of “Excellent” on WalletHub, with mostly 4- and 5-star user reviews.
The fact that WalletHub and Credit Karma compete in certain respects might lead some people to expect a slightly different tact in respect to this issue. But we applaud any well-meaning effort to help people improve their financial literacy. And while we aren’t ashamed to state our obviously biased belief that WalletHub is a better tool, that just means we’re especially legit.
With that being said, we’ll tell you a bit more below why Credit Karma is above-board.
Is Credit Karma Safe? A Closer Look At Security
It’s not really our position to tell you whether you should be comfortable trusting your financial information to any particular website. All we can do is give you a sense of what’s good and bad about Credit Karma’s security and allow you to decide for yourself. We’ll start with the bad because that’s obviously where any problems would reside.
The Bad News:
- Checkered Past: The Federal Trade Commission once levied charges against Credit Karma for allegedly misrepresenting the security standards of its mobile application and failing to take reasonable steps to protect users’ personal info. Credit Karma and the FTC reached a settlement in 2014. But such issues could reflect a company culture that’s susceptible to future security breakdowns.
The Good News:
- Legally Mandated Security Reviews: The bright side of Credit Karma’s run-in with the FTC is that it’s now subject to independent security assessments at least every other year through 2034.
- Bank-Level Encryption Standards: Credit Karma’s website uses an “https” connection with 128-bit encryption. In plain English, that means any information transmitted over the site is protected in such a way that is impossible to crack with current computing power.
- Identity Verification: New users must correctly answer a few questions about specific details of their financial history to open an account and receive a credit score. That makes it much harder for someone else to access your credit data.
- Read-Only Access: Neither Credit Karma nor an intruder can change the contents of your credit report or directly steal money from you.
With all of that being said, a website’s security is tough for any outsider to evaluate. Much depends on how it’s addressed on a daily basis and whether any vulnerability that does exist can be exploited in novel ways. Most people probably would have called Target safe before its December 2013 data breach, for example. And safe neighborhoods are only thought of as such until one violent crime hits the news.