This investment app has experienced its share of drama and news headlines over the years. Most recently, an unknown hacker carried out a social engineering attack that exposed the names and emails of millions of users. While data breaches are never a good sign, Robinhood’s response consisted of introducing advanced security measures to protect its customers’ most sensitive data. The question is, just how secure is Robinhood? You can check out all of our safety and security findings in our Robinhood review below. Keep in mind that we’re not financial advisors, and this Robinhood review does not include any official financial or investment advice.
Robinhood: Short Review
Robinhood became massively popular due to its pioneering zero commissions and zero fees on stock and ETF trades. You won’t even need to have a minimum balance to start. The usability of this app is incredible: it’s so easy to trade stocks, ETFs, and options contracts that it can become dangerous for inexperienced investors. The gamification elements that Robinhood introduces, almost make you forget that you’re playing with your money while using the app. Robinhood stores your social security number, tax identifiers, bank account information, and other sensitive data. While the amount of information they ask of you doesn’t differ much from other investment apps, Robinhood has been at the center of many breaches and other controversies over the years. Fortunately, Robinhood currently provides its customers with the necessary cybersecurity features to protect their accounts. This includes high levels of encryption (including bcrypt for passwords), two-factor authorization, and options for biometric logins (fingerprint and facial recognition). Unfortunately, the app is lacking in other ways, like its questionable history and the way it encourages risky trades. There are more secure stock trading apps that have better reputations, longer histories, and don’t engage in payment-for-order flow.
We give Robinhood a 7/10. If you’re interested in active trading and investing and want an app that will get you set up quickly, Robinhood is a relatively decent choice. Its cybersecurity measures are up to par, but we do warn you to be extra careful with your risk assessment, as Robinhood doesn’t do much to help you there. Instead, you might want to try a safer trading app.
Robinhood Specifications
- No guarantee or definite policy, but they might cover fraud on a case-by-case basis.
Safety: Is Robinhood Secure?
Robinhood is an easy-to-use investment app that’s available to nearly every citizen or legal resident in the United States. This is great, but it does raise some questions. Is Robinhood just as perfect when it comes to security? This is a platform that deals with money, after all. Getting your account hacked could have severe consequences. Luckily, Robinhood tries its best to make its service as safe as possible for all its users. Here are the most important highlights when it comes to Robinhood’s security:
Robinhood uses two-factor authorization, biometric logins, encryption, and automatic logouts to protect against unauthorized access. The service’s safety has been independently tested and received an A-rating (893/950). Robinhood doesn’t have a clear policy or regulation when it comes to account hacks, but users are protected in case of bankruptcy or foreclosure. This investment app has suffered multiple data breaches, although Robinhood made sure to learn from each instance and upped its security accordingly.
To balance out their problematic history with their current high levels of security, we awarded Robinhood a 7/10 for safety.
Robinhood security features
Robinhood has multiple security features that provide protection against any authorized person trying to access your account. If you’re going to sign up for the trading app, we recommend you enact all available security features. We’ve listed them down below.
Two-factor authentication: When you log in from any new device, you’re required to authorize via two-factor authentication. Robinhood will send a code by email, text message, or authentication app to confirm your identity. You can also set this up for any future login, which is recommended. Biometric logins: Robinhood offers the possibility to log into your account using your fingerprint or a facial ID scan. If your mobile device is capable of doing either, we recommend using the feature. Bcrypt encryption: Robinhood uses industry-standard Bcrypt encryption if you use a password to log in. In its security statement, the company also states it encrypts your sensitive data — like social security numbers and bank account information — before storing them. For its mobile and web apps, the brokerage uses the Transport Layer Security (TLS) protocol. This ensures that any communication transmitted between you and their site, app, and servers is encrypted and protected. Automatic logouts: After extended times of inactivity, the app will log you out automatically and require a sign-in via biometrics or password.
Independent cybersecurity score
According to the latest research, Robinhood is a technically sound and secured app. UpGuard, an independent cybersecurity reviewer, gave it an A rating, scoring it 893 out of 950 in 2022. This score was built up out of different sections:
Website security: two weaknesses found (HSTS-related). One of these could make first-time visitors vulnerable to man-in-the-middle attacks. Email security: one weakness found (DMARC policy). Network security: one weakness found (DNSSEC not enabled). Phishing and malware: no issues found, meaning Robinhood’s website isn’t suspected of hosting phishing pages or malware. Brand protection: no issues found, meaning the Robinhood domain is active and registered in the correct way.
In short, although Robinhood’s security isn’t 100% airtight, it does a really good job. Its mobile app and web platform take the necessary security measures to protect your funds and sensitive data from would-be attackers.
Is your money safe with Robinhood?
Unfortunately, Robinhood doesn’t have a clear policy when it comes to account hacks where funds are transferred out. The brokerage deals with such situations on a case-by-case basis. Luckily, they have excellent customer support through phone and email, so you can contact them in times of trouble. However, if you use the above safety features and take the necessary precautions to keep your brokerage account secure, your funds should be safe from the majority of attacks. In the case of Robinhood’s bankruptcy or some other unforeseen closure, your funds are protected by the following US government agencies and government-approved organizations:
Securities Investor Protection Corporation (SIPC): Any brokerage you join needs to be covered by the SIPC. Your securities are protected up to $500,000 or $250,000 in cash. Robinhood offers an “excess” of SIPC coverage through Lloyd’s of London, as well. Up to $10 million for securities and $1.5 million for cash after SIPC is exhausted. SEC-regulated: Robinhood is regulated by the Securities and Exchange Commission (SEC). The SEC is a government organization that protects investors by enforcing United States financial laws, regulating markets and imposing penalties, and taking other legal action against lawbreakers. FINRA membership: Robinhood is a member of the Financial Industry Regulatory Authority (FINRA). FINRA is a government-approved nonprofit that works with the SEC and oversees brokers, prevents investor losses, and identifies misconduct and fraud.
Has Robinhood had a data breach?
Unfortunately, Robinhood has indeed suffered multiple data breaches in the past. Right now, the company is in a much better place security-wise, since they went through those learning experiences and growing pains. The platform has amped up its encryption measures, hired hundreds more customer service agents, and focus on training employees in social engineering and other cyberattacks. Here are a few instances where Robinhood had to learn the hard way and improve its security measures:
In July 2019, the company revealed it had mistakenly stored user passwords in plain text rather than encrypting them. After realizing the error, they sent out emails to affected customers imploring them to change passwords. Robinhood has since moved to industry-standard encryption methods. In October 2020, cyberattackers managed to hack more than 2,000 accounts. Unable to reach Robinhood customer support, many users didn’t know how to gain back access to their accounts. The brokerage has improved its customer support system greatly since. In November 2021, the firm suffered a major data breach. Millions of Robinhood users had their full names and emails exposed during a cyberattack from an unidentified hacker. A Robinhood employee fell victim to a social engineering phone call and the attacker was able to access the database. For some users, their birthdates and zip codes were also accessed — which could lead to targeted phishing attacks. For example, attackers could use this detailed info for malicious “account verification” ploys. The brokerage said that no social security numbers or bank account info was compromised, and no customers reported financial losses from the breach. While the attack didn’t come from vulnerabilities in its systems, the company has taken measures to educate its workers on avoiding these kinds of attacks.
Privacy: How Does Robinhood Handle Data?
With any investment app, you’ll have to provide a lot of personal data to get a working account. This has been arranged by law. Although getting an anonymous Robinhood account won’t work, you can still be careful with your privacy when using the service. What does Robinhood know about you exactly? How do they use this information? How can you make sure you give them as little information as possible? These are the main questions we’re dealing with in this section. Our main conclusions can be found below:
Robinhood collects legally required information (ID info, contact info, and financial and profile data) as well as additional information about your usage, transactions, location, and so on. Your information is used for targeted advertising and might be shared with third-party vendors, partnered marketing agencies, companies you hold shares of, and authorities. Robinhood makes money through a payment-for-order-flow. By changing your app settings, you can take some control over the kind of information Robinhood collects about you.
Since Robinhood allows you some control over your privacy and doesn’t store or use more of your information than many of its competitors, we give this app an 8/10 for privacy.
What information does Robinhood collect?
By law, Robinhood requires you to provide your most sensitive data. So if you want to get trading, you’ll have to hand over the following information. Legally required:
ID info: Your social security number, marital status, date of birth, biometric identifiers, and scans of government identification Contact info: Email, mailing addresses, and telephone number Financial data: Bank accounts, level of income, credit scores, tax information, and financial transactions history Profile data: Passwords, logins, application assessments, interests, preferences, and feedback
Data that Robinhood automatically collects:
Usage data: IP addresses and mobile device identifiers are collected every time you log into Robinhood. The firm will also collect date and time stamps for login, pages you visit, and features you use regularly. Transaction information: All your transaction details (amount, date and time of transactions, type of transaction) are collected and stored. Location data: You can tweak this in the privacy settings, but Robinhood automatically collects the GPS location of your mobile device. Robinhood can also estimate your location by your IP address. Cookies: Tracking cookies and other tracking technology can store your IP address, browser type, Internet Service Provider, platform type, device type, operating system, date and time stamp, a unique device or account ID, usage information, and other similar information. Stored data: You can tweak this in the privacy section, but if you have a complaint and need to provide screenshots or photos, the app can ask for access to your photo gallery. Other info: Customer support claims, surveys, contest entries can all be collected.
How does Robinhood use your information?
Robinhood uses the data collected to allow you to use the app to its full extent and to customize the platform for your interests. It states in its privacy policy that data is used for targeted advertising. It can also be shared with third-party vendors — such as tax and accounting firms, identification and fraud-protection services, or outside marketing agencies that Robinhood uses. Companies that you hold shares of can also get your name, email, and mailing address upon request. This allows you to receive updates on the company and heads-up on earnings calls. Robinhood will also give your information to authorities if legal reasons require it.
How does Robinhood make money?
Robinhood has no fees and commissions. Instead, they make their money through a business practice called “payment-for-order-flow.” This means they are essentially selling your trading activity and data to Wall Street market makers. Instead of executing orders through exchanges, brokerages send customer orders through third-party, high-frequency trading firms. They essentially serve as a middleman between the brokerages and exchanges and execute the trades on Robinhood customers’ behalf. They’re able to (in a form of arbitration) buy or sell a stock based on the price they give the retail customer. If you’re using a broker that engages in PFOF, you could pay a penny (or fraction of a cent) more than what you’d pay with another broker while the market makers and broker benefit. To get an idea, Robinhood made $682 million on payment-for-order-flow in 2020. That was more than a 500% increase from the prior year. Robinhood notes in its privacy policy that all order data is anonymized before it’s sent to market makers, so they’re not getting any personal information on you. There are only a select few brokerages that offer commission and fee-free trading that don’t engage in this.
How to use Robinhood as anonymously as possible
If you’re concerned about your privacy while using Robinhood, you can tweak a few settings within the app to adjust what the company collects and shares about you. Here’s how you can do that: Are you looking for an even higher degree of online privacy and security? Then we highly recommend using a VPN to secure your connection. NordVPN is known for its strong safety measures while also being incredibly user-friendly. It will keep your IP address and data hidden from any curious eyes, which is definitely recommended when you’re trading. If you’d like to check out NordVPN, simply go to their website.
Usability: How User-Friendly is Robinhood?
Although this review is mostly aimed at the security and privacy of Robinhood, usability is another important factor. If an app is hard to work with or has awful customer support, that will result in a bad experience. Our conclusions with regards to Robinhood’s usability can be found below:
Signing up for Robinhood is relatively easy, although you will have to verify your account and go through an official application procedure. Robinhood is exceptionally easy to work with: you can buy shares in just a few clicks. Robinhood has been criticized for gamifying investments and using misleading tactics. This investment app works with zero fees and no commission trading. You can reach Robinhood’s customer support easily through phone or email. Robinhood has received several big fines and was at the center of quite a bit of controversy.
Robinhood is incredibly user-friendly — but to a fault. Due to the dangers that come with their habit of gamification, pushing options, and their past customer service, we’ve given Robinhood a 6/10 for usability.
How to sign up for Robinhood
Signing up with Robinhood is a fairly straightforward process. Here are the requirements you’ll need to meet to get a brokerage account:
Must be 18 years or older Must have a valid US Social Security Number Must have a legal US residential address in one of 50 states or Puerto Rico (exceptions for military) Must be a US citizen, permanent resident, or have the proper visa
Robinhood has an app that works on iOS (11 or higher) and Android (Version 7 (Nougat) or higher) and a website (Robinhood Web) that works on both PC and Mac with Chrome, Firefox, Edge, and Safari. To install Robinhood, follow these steps: Once your account is active, you might be asked to provide additional information to verify your identity, like your social security card or a live selfie.
Software usability and options
For better or worse, Robinhood’s software and interface are about the easiest to use of all trading apps we’ve tested. Since Robinhood only deals in limited securities (stocks, ETFs, and options — no mutual funds) the interface and trading tools don’t need to be that complicated. The software is incredibly easy to grasp and use. Buying and selling stocks and ETFs can be done with a few clicks. When you buy a stock, you get a confirmation with a celebratory spray of confetti. Here’s an example of how easy it is to buy 100 shares of Apple:
Its usability is one of the common complaints about Robinhood — it’s almost too easy to use. The interface makes trading feel like a game, which has its dangers. We’ll dive into this more in a minute. If you’re a frequent traveler, you’ll be happy to hear Robinhood doesn’t participate in geo-blocking. This means you can continue to trade even when you’re abroad. On top of that, you can even set a foreign mobile number for two-factor authentication and other kinds of communication. In other words, once you’ve verified that you’re a US citizen or have the correct visa, you’re free to use the app without any geographic restrictions.
Risk-assessment: Criticism for encouraging risky trading
Because of payment-for-order-flow, the more trades you make, the more money Robinhood makes. The firm has been criticized in the past for encouraging users to trade through misleading tactics and gamification of their app. They’ve also received fines from regulatory agencies for encouraging users to get in over their heads and make riskier trades — such as buying call options and trading on margin. Since paying settlements and penalties, Robinhood vets your experience level in investing at sign-up. When you note that you are a beginner, they provide more educational resources before you act on riskier trades. When buying calls and puts on stock options (which is very high-risk), users will see basic educational explanations. Messages saying “I think this stock will go up” or “I think this stock will go down” will show before you buy your option.
Even so, the brokerage still faces criticism for making it too easy to access these features. Some of the biggest complaints have come from users experiencing serious losses for not knowing exactly what they were getting into.
Pricing and fees
Robinhood became massively popular because it doesn’t charge commissions. It’s completely free to sign up for an account, use that account, and transfer funds. However, when other organizations charge fees for sell orders, those will be passed on to customers. This means you might pay:
Regulatory transaction fees (SEC): determined by law and charged by FINRA, set at $5.10 per $1,000.000 of principal. Not applicable for anyone with sales of a notional value of $500 or less. Trading activity fees: $0.000119 per share on sales of over 50 shares, with a max of $5.95. American Depositary Receipt (ADR) fees: represent foreign stocks, certificates might range from $0.01 to $0.03 per share.
These fees, along with the risks that always come with stocks and trading, are the only costs that come with using Robinhood, making it a very attractive platform. However, most brokerages these days — like Fidelity, TD Ameritrade, and Merrill Edge — now offer the same $0 fees and no commission trading. These brokerages have a much better history and track record in regards to cybersecurity, without the controversy that surrounds Robinhood.
Customer service
Customer service has been a huge point of concern for Robinhood in the past. After countless stories and a barrage of complaints (including the suicide of a 20-year-old trader after being unable to connect with customer service), Robinhood has certainly upped its customer service efforts.
Last summer, Robinhood reported around 2,700 customer support staff, “more than triple the number” they had the year prior. Now it’s easier than ever to get in touch with Robinhood by phone or email. You can request a call that usually comes within 30 minutes, or get an email reply within a business day. When we tested their customer service callback option, we had a representative get back to us in about 15 min. In the app, Robinhood told us what number to expect the call from and we had to verify plenty of information to prove our identity. We had to provide our full name, address, and the last four digits of our Social Security number before answering any specific questions.
Outages, reliability, and controversy
Potential users should also be aware that Robinhood has been the center of many serious complaints and lawsuits since it has gained such popularity. Though Robinhood seems to have learned from these mistakes, it’s important to keep these issues in mind before setting up an account.
Gamestop and “meme stock” halting
In January 2021, Reddit’s r/WallStreetBets subreddit group led a short squeeze on Gamestop’s stock. On January 20, the stock was worth about $40 per share. By January 27, it had skyrocketed to $347.50. While many brokerages halted trading on Gamestop and other heavily shorted stocks in January 2021, Robinhood took more aggressive action. Robinhood allowed its users to sell, but not buy any Gamestop or other shorted stocks for several days. These restrictions led to class action lawsuits from users.
$70 million in penalties for misleading customers
FINRA levied the heaviest fine and payout in its history when it fined Robinhood for misleading inexperienced investors. The regulatory fined the brokerage $57 million and ordered it to pay out $12.6 million to customers who suffered tremendous losses in risky trading and outages during market volatility. FINRA stated millions of customers were misled or received false information from Robinhood. FINRA also said Robinhood algorithms approved thousands of customers for options trading, though they were ineligible or should have been turned down for the complex trading strategy.
$65 million settlement for misleading customers
The SEC charged Robinhood with misleading customers in December 2020. The SEC concluded that Robinhood customers’ orders were executed at worse prices than other online brokers — costing customers about $34.1 million in total. This included factoring in savings from commission-free trading. Robinhood paid $65 million to settle the charges.
Accused of aggressively attracting inexperienced investors
Also in December 2020, the State of Massachusetts went after Robinhood for attempting to attract new and inexperienced investors to join the Robinhood platform. The complaint also said the brokerage used gamification on its app to manipulate customers. When customers answered questions at sign-up stating they had limited or no experience, they still received access to high-risk trading features like options and margin trading.
20-year-old customer commits suicide after a technical error
In June 2020, 20-year-old Robinhood customer Alex Kearns committed suicide after he received a notification that his account had been frozen after he’d incurred $750,000 in losses on risky trades. The automated email from Robinhood said he had to make a $170,000 payment immediately. At the time, there was no customer support number, and three emails to customer service came back with automated replies that they would get back to his request. Later, the notification turned out to be a technical error. Kearns didn’t owe Robinhood any money at all. However, he had committed suicide before they could clear up the misunderstanding. Robinhood settled with his family, though they haven’t disclosed any details.
What to Do in Case of a Robinhood Breach
Robinhood learned the hard way that cybersecurity is of the utmost importance in this industry. They’ve faced several breaches and upped their security levels and tactics every time to accommodate. Although this does make for a much safer Robinhood environment, breaches can never be ruled out completely. That’s why it’s important to know exactly which steps to take in case of a Robinhood breach. Finally, if you aren’t using it already, we strongly recommend getting a VPN like NordVPN to further secure your online activity.
Is Robinhood Right for Me?
Whether Robinhood is the perfect app for you, depends on your wishes and needs. Since the brokerage doesn’t offer mutual funds, bonds, or access to tax-friendly retirement accounts (such as Roth IRA), it’s more suited for active traders and investors. You’re only able to buy and sell stocks, ETFs, options and partake in cryptocurrency trading. Having said that, if you’re looking to swing trade, buy and hold or venture into options trading, it’s a solid option. The interface is very user-friendly and easy to navigate. There are no hidden fees, so it is a truly zero fee and commission trading app. However, if you’re looking for more long-term wealth-building, there are plenty of better options out there. Check out our other reviews:
Merrill Edge Acorns Ally Invest E*Trade
Also keep in mind that Fidelity and Merrill Edge don’t engage in payment-for-order flow, if that’s something that concerns you as an investor.