Last updated: 28 Febuary 2018
At Currencycloud we take the security of your data and money very seriously. We are ISO/IEC 27001:2013 compliant and consistently review and enhance our processes and systems to ensure that we remain secure.
Our service operates on Amazon Web Services (AWS) which is certified under a number of global compliance programmes which underlines best practices in terms of data centre security.
- ISO 27001 Information Security Management Controls
- ISO 27018 Personal Data Protection
- PCI-DSS Level 1 Payment Card Standards
- SSAE16/SOC 1, SOC2 and SOC 3
- FIPS United States Government Security Standards
For the full list of AWS compliance programs see: https://aws.amazon.com/compliance/pci-data-privacy-protection-hipaa-soc-fedramp-faqs/
More information about AWS data centre controls may be found here: https://aws.amazon.com/compliance/data-center/controls/
We have dedicated systems in place to protect against Distributed Denial of Service (DDoS) attacks as well as man-in-the-middle attacks. We use reputable registrars to protect against domain hijacking and “phishing” attacks.
Our platform undergoes regular penetration testing and has protection in place against common vulnerabilities like code injection attacks and cross-site scripting attacks.
All network traffic is encrypted at a transport level and confidential information is encrypted at rest. We use best practices in terms of encryption key storage and security.
Our platform and operational security is certified under ISO/IEC 27001:2013, the international best practice standard for Information Security Management Controls which is independently audited.
We also comply with best practices and regulations pertaining to the management of personal data under the UK Data Protection Act (DPA), as well as the upcoming European Union General Data Protection Regulation (GDPR).
Strong access control
Our platform provides a role based, hierarchical security model with two-step authentication and multi-factor authentication for sensitive systems. All access is logged and audited for suspicious behaviour.
Use Currencycloud with confidence
Your money and your data is as important to us as it is to you. Here are some of the things we do to make sure that you can use our services with peace of mind.
Trusted by more than a million people
At Currencycloud we process over $1bn a month on behalf of hundreds of thousands of people and companies.
We comply with best practices and regulations pertaining to the management of personal data under the UK Data Protection Act (DPA), as well as the upcoming European Union General Data Protection Regulation (GDPR).
We are ISO/IEC 27001:2013 compliant and have robust processes to protect our systems.
Funded by high quality investors
Currencycloud is backed by some of the leading names in the investment community, including GV (Google Ventures), Sapphire Ventures, Anthemis, Notion Capital.
Safeguarded bank accounts
Your money is held in separate accounts with tier one banks. In the unlikely event of Currencycloud ceasing to exist, your money remains protected..
Most businesses have a tentative relationship with regulation. They understand the need for protection and welcome it when the need arises. But are also frustrated by the hurdles regulation puts in their way, especially as we live in an age where simplification and...
Know your customer (KYC) is still one of the biggest stumbling blocks to enhancing customer experience in both B2B and B2C financial services. Authentication and data capture typically requires several items of paper-based evidence. Worse still, many of these items...
PSD2 came into force in January 2018, while the GDPR deadline is May. How can the two seemingly different regulations work together? This year marks the arrival of two important EU regulations that will impact the financial sector: The update to the general data...