

“Neither a lender nor a borrower,” says an old-world catchphrase. Still, there are times, trying ones at that, when one must disregard these mannerisms and do what must be done to keep the business afloat. Welcome to the world of credits, where one thumbs-up is worth its weight in gold. In today’s article, I’ll be discussing one of the most reviewed personal finance services on the market – Credit Karma.

The name probably sounds all too familiar – for our readers residing outside of the European Union, Credit Karma commercials are common appearances on TV and YouTube. In a nutshell, Credit Karma is a go-to and free-of-charge credit score improvement solution.

It is not a money-lending app per se, but rather a financial tool that coaches the user on how to increase their likelihood of getting a loan. Among the questions I will be answering today are: “what exactly is Credit Karma?”, “is Credit Karma safe?”, “should you use Credit Karma?” and more. Enjoy!

What is Credit Karma?

Keeping a good credit score is a must-have in non-EU countries. Some publications, Investopedia among them, say that everything that falls below “good” can be problematic for the applicant. The problem becomes even more complicated as we learn that there’s more than one way to compute an applicant’s credit score – 50 of them to be precise.

I won’t even bother discussing how these credit scores are computed, but I’ll tell you this: if your personal finance officer says that an action you undertake, say postponing your medical bill payment, will affect your credit score, you would be wise to remediate this as fast as possible.

The explanation’s rather simple – credit score computing models are roughly the same, but not identical. As a result, you may have a good credit score with one company, but a not-so-great one with another company. Yes, this type of bookkeeping helps companies keep tabs on a client’s ‘creditworthiness’, regardless of which personal finance ‘coach’ the applicant prefers. Anyway, enough about credit scores. Let’s talk about Credit Karma.

Two major players dictate what credit scoring should encompass – FICO and VantageScore. As one would imagine, a polarized market doesn’t tell us much in terms of variety. This is exactly the reason why Credit Karma popped up on the market – as a free and highly ‘personalizable’ alternative to FICO and VantageScore. Think of Credit Karma as your personal and, sometimes, highly informal financial advisor.

Of course, as any respectable credit scoring company, Credit Karma will compute your creditworthiness based on information retrieved from credit bureaus such as Equifax and TransUnion. Your VantageScore creditworthiness is also factored in your Credit Karma score. The result is the likeliness of you getting a loan at any credit bureau in the United States.

Seen as the proverbial breath of fresh air, the company has more than 100 million customers in the US, UK, and Canada. The product became even more popular as the company offers more than credit scoring services.

One look at Credit Karma’s page reveals a bounty of features – credit monitoring, scoring simulations, financial aid (e.g., Credit Karma can help you file your taxes for free), and much more. You can review Credit Karma’s full features in your dashboard or on the official website.

What’s wrong with Credit Karma?

Let me rephrase that – is something wrong with Credit Karma? I would venture to say “no”.  The application, which is available on multiple platforms, has some great reviews. Credit Karma rounded up 4.8 stars on G Play and a whopping 4.0 stars on PC Magazine.

What I meant to say is that CK is held in very high regard considering the very nature of the app (i.e., personal finance caretaker). If you want to learn more about why these financial apps are viewed in this (sometimes ill) manner, you should check out my articles on PayPal and Venmo. Anyway, advertising a free-of-charge service that caters to the same needs as a pay-per-use one is bound to draw some (unwanted) attention.

More specifically, people were starting to wonder if this product is the real McCoy or some sort of scam. In order to avoid a torch-and-pitchfork scenario, Credit Karma itself wrote an article debating and reaffirming its legitimacy. Let’s get this out of the way – how Credit Karma keeps its lights on. According to the article in question, the company does not monetize its financial consultation services.

In other words, Credit Karma does not charge its customers for credit score-related services. If we are to take the company’s ‘About Us’ page for granted, the bulk of CK’s income comes from banks and/or (legitimate) lenders via recommendations. So, each time CK convinces a customer to purchase a financial service from a bank or lender, the company will receive a commission.

With that out of the way, let us now take a look at Credit Karma from a cybersecurity standpoint. Is Credit Karma safe? Should the user take additional precautions when creating/using the Credit Karma account? Stick around and find out.

Credit Karma Cybersecurity Concerns

In order to answer the question “is Credit Karma safe?” we first need to take a look at the company’s cybersecurity practices.  To learn more about security, we once again turn to Credit Karma’s website.

According to “Identity-Aware Encryption”, a CK engineering blog article authored by Danny Zion, Credit Karma uses what’s called application-level encryption with crypto anchoring. I’ll get to that in a moment. Taking a look at the bigger picture, CK’s IAM brickwork is very user-centric. As a concept, identity-aware encryption means that for data-at-rest decryption to occur, the user must provide his/her credentials.

The need for identity-aware encryption grows even direr, as practice shows that legacy encryption methods (e.g., disk- or database-level encryption) have outlasted their usefulness and can, potentially, become liabilities. Credit Karma’s identity-aware encryption relies on key management externalization. In other words, CK and many other companies go for app-level encryption using keys stored in KMSs (Key Management System platforms).

Google’s KMS and Amazon’s HSM are probably the most popular, but there are many other key-management platforms. Anyway, storing keys on an external platform means that if something should happen with the app, the data-at-rest cannot be decrypted. Thus, we arrive at the very heart of CK’s security which is called crypto anchoring.

This safeguards data against specialized cryptography aggressions such as low-latency attacks. Bear in mind that identity-aware encryption and crypto-anchoring are not two distinct components. Think of identity-aware encryption as being crypto-anchoring’s safety net. In tandem, the two ensure not only the connection’s security but also data integrity.

So, is Credit Karma safe? I would wager to say “yes”. One more thing before we sashay to the security recommendations section – envelope encryption. CK, like many others, uses this cryptographic technique in order to scale the ops, regardless of the handled data. This helps a) keep the encryption key to a predetermined size and b) limit the service’s interaction with client data.
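
The pieces described in this section (an externally held key, decryption gated on the user's identity, and envelope encryption) fit together as in the following added example. It is not Credit Karma's code: createMockKms, encryptRecord and decryptRecord are hypothetical names, the in-process mock stands in for a real KMS/HSM, and the sample record in use is constructed.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM helpers; `aad` binds each ciphertext to a user id.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Hypothetical stand-in for an external KMS/HSM. The key-encryption key (KEK)
// lives only inside this closure, so the app and its database never hold it.
function createMockKms() {
  const kek = crypto.randomBytes(32);
  const sessions = new Map(); // session token -> authenticated user id
  return {
    login(userId) { // assumption: a real service verifies credentials here
      const token = crypto.randomBytes(16).toString('hex');
      sessions.set(token, userId);
      return token;
    },
    wrap: (userId, dataKey) => seal(kek, dataKey, userId),
    unwrap(token, userId, wrapped) { // identity-aware: owner's session required
      if (sessions.get(token) !== userId) throw new Error('KMS: not authenticated as owner');
      return unseal(kek, wrapped, userId);
    },
  };
}

// Envelope encryption: data is encrypted locally with a one-off data key;
// only that fixed-size key is handed to the KMS for wrapping.
function encryptRecord(kms, userId, text) {
  const dataKey = crypto.randomBytes(32);
  const record = { userId, data: seal(dataKey, Buffer.from(text), userId),
                   wrappedKey: kms.wrap(userId, dataKey) };
  dataKey.fill(0); // the plaintext data key is not kept by the app
  return record;
}
function decryptRecord(kms, token, record) {
  const dataKey = kms.unwrap(token, record.userId, record.wrappedKey);
  return unseal(dataKey, record.data, record.userId).toString();
}
```

A stored record copied out of the database is not enough to read the data: the wrapped key can only be opened by the KMS, and only for a session that belongs to the record's owner.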

How to Keep Your Credit Karma Account Safe

Still here? So, to end this article on a more positive note, here are some recommendations on how to bolster your Credit Karma account security.

For businesses

  1. Enable Two-Factor authentication. Setting up 2FA is always a great idea, regardless if it’s for your Steam, Gmail, or Credit Karma accounts. For the mobile app, you can set up 2FA by tapping on Settings > Security Settings. Tap the toggle button under Two-Factor Authentication to begin the process. On your PC or laptop, hop on your Credit Karma Account. Head to Profile and Settings and click on Security Settings. Search for Additional Login Security and select Enrolled. Read the instructions and click on update. The platform will guide you through the rest of the process.
  2. Additional cyber-protection. Whether you’re looking to improve your credit score or perhaps buying a new service from your favorite bank, it would be in your best interest to employ additional layers of protection. For your mobile needs, Thor Mobile Security is your best bet against hackers. If you’re a desktop fan, Heimdal™ Threat Prevention – Endpoint ensures that your connection remains private and, of course, secure. Don’t forget about checking out Credit Karma’s blog for additions to their privacy and security policies.
  3. Don’t lose sight of your account. Credit Karma recommends that you regularly check your account for signs that may point to fraudulent activity. If you find evidence that may point to foul play, you should immediately contact Credit Karma and the credit bureau you’ve enrolled into.

For consumers

  1. Enlist in a credit monitoring program. Identity theft can be countered by enrolling in what is called a credit monitoring program. This feature allows you to keep tabs on your credit’s health and receive notifications if any changes occur to your credit.
  2. Barring your credit. If you think that you’re being scammed, Credit Karma can freeze your credit. This means that scammers won’t be able to use your personal info in order to open up credit accounts on your behalf.
  3. Inform the authorities. Don’t hesitate to contact the authorities if you were or are the victim of a scam. The FTC’s Identity Theft website can help you file an identity theft report. You should also contact the local authorities.


Is Credit Karma safe? Yes, I can certainly say that the application is safe. I can’t guarantee it, though; in the cyber-world, nothing is truly safe. The first thing you learn in ECH school is that bolstering security decreases the functionality rate and usability. If you want to find out how this works, I suggest you look up the CIA triangle. As always, stay safe and for any questions or concerns, leave a comment.

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.


I’m losing interest in Google all together, do you have an email service available?
