We encrypt all banking credentials that are put into the app and separate them from a customers personally identifiable information. To retrieve transaction history these details are automatically unencrypted and used to retrieve any transaction history, then immediately re-encrypted. We at Moneyhub don’t store any login credentials, including passwords.
Moneyhub is a read-only service, so if a Moneyhub account should fall into the wrong hands (for example if a customers phone is stolen and hacked) no one can make any transactions from their account. In addition to this, to accessaMoneyhub account a pin-code, password or Touch ID must be provided to log in each and every time.
Our data aggregation partner
We use an aggregation partner, Yodlee, to retrieve bank data so that you can see all transactions come through to the same place. We have chosen to work with Yodlee because they:
- Are supervised by the US Banking Regulators (a body similar to the UK’s Financial Conduct Authority).
- Provide a trusted service to more than 850 organisations throughout the world, including 11 of the 20 biggest banks in America.
- Have a proven 16-year track record of keeping user information safe and secure
Our security procedures
We have certified ISO-27001 information security procedures. This is the same certification used by Google, Microsoft and Amazon. It is an internationally recognised standard that sets out the requirements for firms establishing and maintaining a robust information security management system. It also provides assurance that a firm with accreditation has implemented processes and controls that are secure and have been through rigorous audits and assessments. The certification also demonstrates that we as a company have adopted a proactive rather than reactive approach to managing our consumers data security.
This means we adopt these processes:
- A specialist Financial Service compliance team check processes on a monthly basis
- A comprehensive risk tracker maps information asset risks back to a series of internal controls
- The principle of leas privilege is applied throughout the organisation. This is the limiting of access to the minimal level that will allow normal functioning. Staff have the lowest level of user rights that they can possible have to be able to still perform their tasks
We develop the software according to secure engineering principles based on the National Institute of Standards and Technology, Technology Administration, US Department of Commerce - Special publication 800-27 Rev A.
Moneyhub Enterprise software teams undergo regular security awareness training and have a continual threat modelling system in place for the software.
Regular penetration tests are carried out to ensure that the system is protected against vulnerabilities and we use best practices and open standards to ensure that we protect against common attack vectors. Notably, we use the OAuth 2.0 and OpenID Connect standards to enable token based authorisation for all our internal services, ensuring that we don’t rely on perimeter security alone.
Access to the live system is available only to a small number of people. Any access is done via secure channels.
Our security protocols and techniques
How we help our customers with their security
Many of our users find that Moneyhub helps them spot suspicious activity and fraud through frequently checking their finances and categorising their transactions.