Investors interested in an online-only brokerage with low fees and solid cybersecurity measures can take a look at Ally Invest. More than 9 million users trust their trading and brokerage accounts to the Ally Invest platform and app. Its parent company, Ally Financial, has been in business for more than 100 years.
As Ally moved to its fully-online business model, the company was able to cut overhead costs and passed on strong interest rates and other benefits to customers. They also intensified their online security protocols, fraud protection, and improved customer support.
Want to give Ally Invest a go for all your stock trading and investing needs? Have a look at our full Ally Invest review to learn just how safe and secure the platform is.
Ally Invest: Short Review
| Pros | Cons |
|---|---|
| Secure Socket Layering (SSL) encryption for transmitting data | No two-factor authentication for regular logins (mobile and web app) |
| Two-factor authentication for logins from new devices (SMS or email code) | No in-person branches |
| Biometric authentication for mobile app | Notable outages in 2020 and 2021 |
| Strong firewalls | Ally Bank (sister company) sued for 2021 data breach |
| Customers get free access to Webroot SecureAnywhere antivirus protection (with Ally Bank account) | No cryptocurrencies |
| SIPC-insured up to $500,000 for securities, up to $250,000 cash. Additional coverage up to $150 million through Lloyd’s of London. | |
| Ally Bank and Ally Invest synced app on mobile | |
| No minimum account value |
Ally Invest is a fantastic online investment app that offers a myriad of features, including self-directed trading, forex trading, accounts for retirement savings, and automated investing options. With more than 406,000 customer accounts, it’s a fairly popular choice. Currently, Ally Invest manages around $13.4 billion in assets. At the moment, Ally Invest is only available to users in the United States. You need to be a full-time resident of the United States and must have a valid social security number to open an account with Ally Invest.
Ally Financial, which owns Ally Bank, offers Ally Invest under its subsidiary, the Ally Invest Group, Inc. The company is headquartered in Charlotte, North Carolina, and allows you to open a checking or savings account, or even apply for a personal loan, or for vehicle or mortgage refinancing.
As for security, Ally Invest scores very high. However, like most other apps, it does use cookies. Your data might be shared with Ally’s other subsidiaries, so it’s best to disable them. Aside from that, it offers two-factor authentication, biometric login security, automatic logouts, IP and device whitelisting, and malware protection thanks to robust firewalls.
Since it’s SIPC insured and offers access to diversified investment options for your portfolio, you can be sure that your funds are safe. With its simple interface, there are no gamification tactics or encouragement of risky trades. More importantly, Ally Invest uses payment-for-order-flow to make money. However, it’s one of the few platforms that doesn’t charge a commission per trade (unless you choose a robo-managed account).
Overall, Ally Invest scores an 8/10. It offers strong security, even though its parent company did misstep in the past. Ally doesn’t offer crypto trading, but apart from that, it’s a fairly competitive investment app.
Ally Invest Specifications
| Features | Specifications |
|---|---|
| Investment choices | Stocks, ETFs, bonds, forex, mutual funds, OTCBB, Ally Bank accounts, and listed options |
| Investment minimum | $0 ($100 for robo-managed accounts) |
| Fees per trade | $0 (trading fee applies to bonds, mutual funds, and other investments) |
| Stock per trade | $0 |
| Options trade | $0 + $0.50 per contract |
| Account fees | No annual fee, inactivity fee, transfer fee, or closing fee for brokerage accounts. $50 outgoing transfer fee. |
| Cryptocurrency access | ✖ |
| Customer support | 24/7 customer service |
| Fraud protection | ✔ |
| Mobile app | Android and iOS |
Safety: Is Ally Invest Secure?
If you’re looking for a robust online trading app that takes user security seriously, Ally Invest makes the cut. It gets an 8.5 on 10 from us. Ally Financial, Ally Invest’s parent company has a solid “A” rating from independent cybersecurity reviewer UpGuard — scoring 817 out of 950.
Ally takes important cybersecurity steps needed to protect its online portal and platforms from outside hacks and attacks. It also provides users with the features needed to protect their accounts from unauthorized access.
Ally Invest security features
As an online-only brokerage, Ally Invest offers more than the average platform in regards to security. While this includes advanced security features, you’ll also have access to premium malware, protection, and other services when you sign up as an Ally Bank customer.
Here’s a rundown of what Ally Invest offers you security-wise:
- Two-factor authentication: Using a code sent to your email, mobile phone, or authentication app, Ally Invest can offer an additional layer of security for logins or extra identity verification. You may also be prompted to answer a security question you set up during registration.
- Biometric logins: For mobile logins, users can use fingerprint or facial recognition scans.
- Robust firewalls and Secure Socket Layering (SSL) encryption: SSL encryption creates a secure connection between your browser and Ally Invest’s site or app platform. This means all of the data you transmit (passwords, transactions, and financial data) is secured and unreadable to outsiders. If the website determines your connection is suspicious for any reason (such as flagged unsecured public Wi-Fi connections) it may block access.
- Automatic logouts: After extended periods of inactivity, Ally Invest automatically logs you out to keep any potential unauthorized users from accessing your account.
- Failed logins: Ally Invest will automatically block access to your account after a certain number of failed attempts. You’ll have to contact customer support to get back in. This can protect you against brute force attacks and password-guessing software.
- Antivirus and malware protection: In addition to secured firewalls, Ally Invest uses top-tier antivirus and antimalware protection. If you sign up for Ally Bank, it also provides users Webroot antivirus and malware protection for up to three devices.
Is your money safe with Ally Invest?
As far as cyberattacks and protection from unauthorized users go, your Ally Invest account will be safe. You’ll just need to make sure you use all of Ally Invest’s security features mentioned above. Ally Invest doesn’t have a blanket policy on unauthorized activity in customer accounts and typically handles them on a case-by-case basis.
We’re fans of Ally Bank’s Online & Mobile Security Guarantee. If you notice any fraudulent or unauthorized transactions online or via the app, you won’t be held liable as long as you report it by calling 1-877-247-2559 within 60 days from when the statement was made available.
In the case of Ally Financial or Ally Invest’s bankruptcy, your funds are protected by government-approved organizations and government agencies:
- Securities Investor Protection Corporation (SIPC): Any major brokerage should be covered by the SIPC. Your securities are protected up to $500,000 or $250,000 in cash. Ally Invest offers an “excess” of SIPC coverage through Lloyd’s of London, as well — up to $150 million after SIPC is exhausted.
- SEC-regulated: Ally Invest is regulated by the Securities and Exchange Commission (SEC). The SEC is a government agency that enforces United States financial laws, imposes penalties and takes other legal action against perpetrators, and regulates financial markets.
- FINRA membership: Ally Invest is also a member of the Financial Industry Regulatory Authority (FINRA). FINRA is a government-approved nonprofit that works with the SEC and prevents investor losses, overseas brokers, and identifies fraud and other misconduct.
Has Ally had a data breach?
Ally Invest has enjoyed a solid track record in regard to cybersecurity. There have been no data breaches or significant attacks on its systems.
However, its sister company Ally Bank engaged in some poor cybersecurity measures in 2021. Since many Ally Bank users also use Ally Invest, this could be a cause for concern. In a June 2021 letter to customers, Ally Bank disclosed that it experienced a data breach that saw the usernames and passwords of many users exposed to third-party companies that Ally does business with. This wasn’t a cyberattack, but rather a programming error on Ally Bank’s behalf.
The situation is currently under investigation and Ally Bank is the subject of a class-action lawsuit.
Privacy: How Does Ally Invest Handle Data?
According to state and federal laws, users are required to provide their most closely-guarded sensitive information when signing up for a brokerage account. Ally Invest offers the necessary cybersecurity and encryption protocols to protect information such as social security and bank account numbers.
Ally Invest uses cookies to collect comprehensive information about your online and mobile activity, as detailed in Ally Corporate’s privacy policy. They also use this information for Online Behavioral Advertising (OBA) on third-party sites. You can disable cookies when accessing the website through your browser, though it may limit functionality.
For this reason, we give Ally a 6.5 out of 10.
What information does Ally Invest collect?
Here’s some legally required information that Ally Invest collects:
- ID info: Name, social security number, date of birth, marital status, and scans of government identification
- Contact info: Name, email, mailing addresses, and telephone number
- Financial data: Bank accounts, mortgage or rent payments, employment history, income information, credit scores, tax information, and financial transactions history
- Access authorization data: Passwords, logins, biometric information, application assessments, interests, and preferences
As outlined in their privacy policy, Ally Invest also collects other information from users. They use this information for advertising, improving customer support, and analyzing their services. This includes:
- Usage data: Ally Invest says it will collect your IP address and mobile device identifiers when you log in. Sites will usually collect timestamps and dates of logins as well.
- Location data: The brokerage can log the geo-location of your computer through your IP address. It can also use your mobile phone’s GPS location for information about your physical whereabouts.
- Cookies: Tracking cookies and other tracking technology are able to store all kinds of data. This could be your Internet Service Provider, IP address, type of device and operating system, your browser, date and time stamp, and a unique device or account ID.
- Transactions: The amount of the transaction, the date and time it was executed, and the type of transaction are also all recorded.
- Contact lists: Ally apps will ask your permission before doing so, but they can access your contact list names, emails, and mobile numbers to “facilitate Zelle transfers.”
How does Ally Invest use your information?
Some of the data Ally collects is used for advertising purposes, while other information is used to improve functionality on the platform. Ally Invest uses location, device, and usage data to optimize the app according to your preferences and show you relevant ads. They will also retrieve and use your personal or contact information when you use Ally Invest or Ally Bank’s associated services.
Remember that disabling cookies in your browser will prevent Ally Invest from collecting much of your data, though they mention it affects “functionality.” Here are some other ways Ally Invest might use and share your information:
- Sharing with third-party services: Companies that perform services for Ally Invest will also have access to your personal information, whether it’s tax and accounting firms, identification verification and fraud-protection services, or outside marketing agencies. Ally Invest also states they may share data with companies they have “formal agreements” with to offer financial products and services.
- Legal concerns: If required by law, Ally Invest will also hand your personal data over to the government and authorities.
- Analytics and marketing purposes: This wouldn’t include your identifying info, but usage, location, and device data might be used for market research and marketing purposes.
- Advertising: Whether it’s through cookies gathered online or usage data gathered from your device, Ally Invest can create interest-based advertising for you. You can block cookies in your browser and tweak your privacy settings to put a damper on this kind of data collection.
- Device usage research: Ally Invest states that it participates in the Adobe Marketing Cloud Device Co-op. Adobe helps companies track user activity across their devices to better customize advertising.
How does Ally Invest make money?
Ally Invest doesn’t charge any fees or commissions for stock and ETF trades, and there are no hidden annual fees. Instead, brokerages like Ally make money off interest from margin lending and fees for actions performed on the platform.
However, one of the biggest money-makers is a business practice called “payment-for-order-flow.” Ally Invest clearly discloses on its website that it engages in this, meaning that the company is essentially selling your trading data to Wall Street market makers.
Ally Invest won’t execute customer orders itself, but rather send customer orders to third-party, high-frequency trading firms. These firms essentially serve as middlemen between the brokerages and exchanges and execute the trades on Ally Invest customers’ behalf.
They’re able to (in a form of arbitration) buy or sell a stock based on the price they give the retail customer. If you’re using a broker that engages in PFOF, you could pay a penny more than what you’d pay with another broker while the market makers and broker benefit.
In 2021, Ally Invest made roughly $15.3 million in revenue for PFOF.
How to use Ally Invest as anonymously as possible
When your money’s on the line, it’s very important you take data security seriously. There are a number of steps you can take to boost your safety when accessing investment apps like Ally Invest:
- Use a VPN. If you fear that you’re on an unsecured network, always use a VPN before connecting to Ally Invest. A VPN encrypts your data so malicious actors can’t steal such sensitive information. We recommend NordVPN.
- Be vigilant. When accessing the website, always check for the padlock icon beside the URL. Also, carefully check the URL itself before accessing the site.
- Don’t access it on untrusted networks. If you aren’t using a VPN, avoid accessing Ally Invest on untrusted networks.
- Set two-factor authentication (2FA). This one’s very important, as it’ll make your logins a lot safer: strangers won’t be able to get their hands on your account as easily.
- Change your password regularly. Even if you have a strong password set up, make sure you continue changing it regularly.
Usability: How User-Friendly is Ally Invest?
Ally Invest has a very minimalistic interface that’s quite easy to use for even the most technically unsavvy individual. Whether you’re using the mobile app or browser, the signup process for Ally Invest is straightforward.
Remember that Ally Invest is online-only. At the time of writing, there are no physical branches. If you feel unnerved by not being able to walk into a physical branch to handle your affairs, you might prefer a different investment platform.
Their customer service, which is available via phone or email, is pretty top-notch. Overall, Ally Invest’s usability scores an 8 out of 10.
How to sign up for Ally Invest
You can sign up for Ally Invest either through its website or through Ally’s mobile app. When you sign up, you’ll need to provide your social security number, contact information, employment information, and general financial information to get approved for an account.
PRO TIP: When signing up for an Ally Invest account, always make sure you’re on the correct webpage by examining the URL in your browser’s address bar. It should say https://ally.com (that’s two Ls). You should also check for the padlock icon in your browser. Never provide any sensitive information to a webpage that you’re not sure is the official website.
Here’s how you can sign up for an Ally Invest account through the mobile app:
- Go to Apple’s App Store, or Google Play to download the Ally Invest app.
- Select the type of portfolio you’d like to create. For this one, we selected Investing & Retirement.
- Select the kind of accounts you’d be interested in: self-directed accounts or ones that are selected with automated advisors.
- Answer the questions that show up to make your investment goals clear.
- Provide the necessary information, including your social security number, income information, and other identifying data.
- Set up biometrics and multi-factor authentication.
And that’s it! Your account is now set up and ready to be used.
Software usability and options
Once your Ally Invest account has been approved, you’ll need to link your bank and fund the account. We’ve run through a few orders to give you an idea of the interface and ease of trading within the app.
The app is pretty straightforward. We were able to act on a couple of trades within a matter of minutes using their Quick Trade function.
It was relatively easy to set up an account and start trading using Ally Invest.
Risk-assessment
Because Ally Invest uses payment-for-order-flow, it makes more money if you place more orders on the platform. However, Ally hasn’t been known for predatory practices, unlike big names like Robinhood.
Instead, it offers an array of educational tools on its platform, as well as screeners, so you can carefully review your trades before you make one. On the Live platform, you can find the ETF screener. Importantly, options trading and analytical tools are available for graphing profitability. However, screeners, options trading, and other advanced options tools are not available in the mobile app. This means your experience will differ depending on the platform you choose.
However, given the range of educational resources available on the platform, we are confident that investors have adequate resources available before executing a trade.
Pricing and fees
Ally Invest doesn’t charge a fee for its self-directed accounts. However, there are some other fees you should know about:
- Cost per stock trade: $0
- OTCBB (and stocks below $2.00): $4.95 + $0.01 per share (maximum commission per order cannot exceed 5% of trade value)
- Forex: no commission
- Options: $0.5 per contract + $0.5 fee for low-value options positions
- Robo-managed accounts: minimum $100 investment. Annual 0.30% management fee for robo-created portfolios.
- Account closure: no fee
- Domestic wire transfers: $30 for sending, none for receiving wire transfers
- Checks: $5 to send a check
- Maintenance or inactivity fee: none
- Mutual funds: $9.95 per no-load trade
- Broker-assisted trades: $20 per trade
- Full outgoing transfer fee: $50
The rates for margin interest can be found below:
- Under $25,000 at 7.75%
- $50,000 at 7.5%
- $100,000 at 6.75%
- $250,000 at 5.50%
- $500,000 at 4.50%
- $1 million at 4%
- Over $1 million at 3.25%
Customer service
For an online-only brokerage, we were hoping Ally Invest would have a live chat. Unfortunately, this isn’t the case at the time of writing, neither in the app nor on the website. However, Ally Invest does offer a 24/7 phone number that has proven to be excellent.
We tried inquiring about encryption protocols on the site and app, and a representative was able to give us a solid answer in well under five minutes.
Note that you will need to provide some personal data so customer service reps can confirm that they’re speaking with the account holder. We had to provide our full name, the last four digits of our social security number, and some other security questions only account holders would know.
WARNING: Be careful about giving information to customer service.
If you’re communicating on the phone, make sure it was you who initiated contact. Make sure to call the designated number on the Ally Invest website or app. This way, you can be sure you’re talking to an official Ally Invest representative. There are countless Help Desk and other social engineering scams out there that seek to pry financial data from victims.
If a customer service representative calls you over the phone, never give them your personal information, even if they claim it’s an urgent matter.
What to Do in Case of an Ally Invest Breach
Since keeping customers’ funds and sensitive data safe is part of their business practice, banking and investment platforms must take some of the toughest cybersecurity measures of any industry. Sure, Ally Invest and Ally Bank have a solid track record when it comes to data breaches, but the bottom line? You don’t know what could happen in the future.
Savvy hackers and cybercriminals are constantly figuring out new ways to break into networks and systems. Unfortunately, financial institutions will always have a huge target on their back. If Ally Invest was to suffer a data breach for any reason, here’s what you should do:
- Find out what was stolen. Sensitive data can be used to commit all kinds of identity fraud. If social security numbers were compromised in a data breach, you need to notify law enforcement immediately. In many data breaches, hackers make off with seemingly harmless scores like emails and customer names. However, those can be used for targeted phishing emails attacks, which you should be wary of.
- Change your passwords. Unfortunately, password-guessing and credential stuffing software run rampant. If your username and even partial passwords were stolen in a breach, you could be vulnerable to attacks. Change your account password. Make sure it’s impossible to guess and that you don’t use it anywhere else. You can also use a secure password manager like 1Password to create strong passwords and store them.
- Set fraud alerts. Credit rating bureaus don’t charge you to set up fraud alerts. Some examples are Experian’s fraud alert center, Equifax’s credit fraud alert section, and TransUnion’s fraud alert center. You’ll be notified when someone is trying to commit fraud in your name.
- Get a credit monitoring service. CNBC has compiled a list of the top credit monitoring services for this year. After a data breach, companies usually offer a year of free credit monitoring. If you’re concerned about your info being compromised in a cyberattack or leak, make sure to sign up for some on your own.
Is Ally Invest Right for Me?
Investors looking for an easy-to-use app with access to long-term wealth-building will enjoy Ally Invest. After signing up, you can get approved quite quickly for tax-friendly retirement or investment accounts, as well as trade stocks, ETFs, mutual funds, or bonds. Investors interested in a hands-off approach can set up an account with a robo-advisor.
Active traders can set up self-directing individual accounts, but might be attracted to flashier interfaces and more hands-on features that other apps provide. Cryptocurrency traders are out of luck too, as Bitcoin and other crypto aren’t yet available to trade on the platform.
Ally Invest (and Ally Financial) has a long history with a good track record in regards to cybersecurity. Investors who are concerned by their recent internal data breach will want to take that and the subsequent investigation into consideration. It’s also necessary to consider their data sharing policy.
However, if you’re looking for more long-term wealth-building, there are several other options out there. Check out our other reviews:
Have any questions about Ally Invest’s security and privacy standards? Click on any of our frequently asked questions below for the answer.
Ally Invest engages in payment-for-order-flow, which means it sells your trading activity to Wall Street market makers. This data is anonymized before it is sent off, so none of your private personal data is sold. However, Ally Invest does share your personal data with third-party companies it does business with. For more information, read our full Ally Invest review.
Sure, Ally Invest is safe to use. The investing platform has over 9 million customers and is SIPC-insured up to $500,000 for securities and $250,000 in cash. There’s also extra coverage up to $150 million if the SIPC is exhausted. Ally Invest also takes the necessary cybersecurity measures and provides the features to protect your funds and accounts from unauthorized access.
Unfortunately not. Ally Invest users can actively trade stocks, ETFs, mutual funds, and options. Cryptocurrency is currently unavailable on the platform. There are many publicly-traded companies you can invest in that provide exposure to cryptocurrency in different ways.
-
-
-
https://vpnoverview.com/privacy/finance/ally-invest-review/
