Our information security program is designed to meet and exceed industry standards for mobile banking security. Here are some important things to note about our information security strategy.
The combination of the Advanced Encryption Standard (AES 256) and Transport Layer Security (TLS) help keep sensitive data safe. Modern web and mobile applications use a technology called Transport Layer Security (TLS) to help protect data in-transit from unauthorized third-parties. Walletifai uses TLS for all information exchanges between the Walletifai customers and financial institutions.
Follow PCI DSS Security Standards
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.
We protect your data by applying the Payment Card Industry Data Security Standard (PCI DSS )rules to our business, product, and related processes that may involve transferring or processing data. We audit our product and keep all software versions up-to-date on a regular basis to avoid any possible security risk.
Use the Right Technology
Using secure cloud infrastructure technologies and monitoring systems, to host Walletifai, helps us add a robust layer of firewall in front of our services and protect your data within it.
Work with Widely Well Known Third Parties
To surpass the security requirements, we work with one of the top data transfer third parties in the industry called Plaid which helps us add another layer of data security. Plaid works with security researchers, app developers, and financial institutions regularly who audit and stress test the Plaid API and their security controls against industry standards to help them maintain a resilient information security program.
How it Works
When you connect your bank institution, you will be asked to enter your online banking information. However, we don't have access to these credentials. Your credentials will be sent via Plaid to your bank and Plaid will then send back an encrypted token for us to access your read-only transaction history. Walletifai will not make any changes to the institution and any access could be revoked anytime by unlinking the bank institution.
Walletifai regularly conducts security audits and addresses any issues preemptively to protect the information of our users. To bring a security issue to our attention please, please email firstname.lastname@example.org.