understands that you may have questions about how we protect data.

We recognise that strong information security should be at the heart of our operations and we have adopted measures to protect the information we hold:

  • We implement systems and controls required by the Financial Conduct Authority and follow the regulatory technical standards published for Open Banking and the Second Payment Services Directive for accessing transaction data securely.
  • We use an Extended Validation certificate that allows us to verify ourselves to your browser.
  • We use 256-bit encryption for data in transit over the internet and whilst we hold it.
  • User access is controlled, and all systems have information asset owners who regularly monitor and manage access control lists for their systems.
  • Systems are regularly assessed and assured by specialists.
  • We monitor our operational environment, which will include alerting and incident event monitoring and response.
  • The operating environment is protected by native application security, Distributed Denial of Service (DDoS) protection capability and a web application firewall.
  • The infrastructure is protected with intrusion prevention/detection and host anomaly detection systems. All alerts undergo secure monitoring 24x7.