We often get questions on whether it's safe to connect your data using Basiq, so we decided to put together some detailed info on how we handle your data.
First things first...
Nope, we can't do anything with your money... 🙅‍♀️🙅‍♂️
All data is read-only so we can report on your accounts and transactions but that's it.
No longer need a product/service? We'll delete your data 🚮
As long as the product/service lets us know they don't need your data anymore, we'll delete it. We've never sold any data shared by customers and never will.
We don't have access to your logins 🚫
Credentials are stored in AWS data centres in Sydney and Melbourne using AES-256 envelope encryption, which means that each connection is encrypted with its own key. Employee access to data and systems is strictly controlled, and employees never have access to shared banking credentials.
Yes, we're just as safe as your bank 🏦
Our infrastructure is hosted and managed in an ISO 27001, SOC 1 & SOC 2, PCI Level 1, FISMA Moderate and SOX certified data centre... In layman's terms, your data is stored in the same way as data in the most highly regulated organisations around the world.
Our approach to security
As a company that works with financial institutions, security is at the core of what we do and protecting your data is one of our most important responsibilities.
We understand the sensitive nature of the information we collect and believe you should never have to compromise your privacy in pursuit of a better way to manage your money. This is why we take extensive steps to protect your identity and data via an ISO 27001 certified security program.
When you share your credentials with Basiq, no human ever sees your banking data except for the company that you’ve decided to share it with. We provide a read-only service. In other words, we can report on your accounts and transactions but we can’t make any payments or transfers, so your money is secure.
What data do we collect?
When you give Basiq permission to connect to your bank, we collect information required by the provider of your account or service, such as your login information, transactions, account numbers and balances, as well as general identity data including names and email addresses. This allows you to gain access to powerful financial services and tools and speeds up identity and account verification.
How do we make sure your data is safe?
We are ISO 27001 certified, use the same data centres trusted by the most highly regulated organisations in the world, and are regularly audited and assessed by third parties.
Our physical infrastructure is hosted and managed in ISO 27001, SOC 1 & SOC 2, PCI Level 1, FISMA Moderate and SOX certified data centres based in Sydney and Melbourne.
Restricted Network Access
We use firewalls to restrict access to systems from external networks and between systems internally.
We use behavioural monitoring, vulnerability assessment, SIEM and intrusion detection to detect threats.
We store data at rest using 256-bit AES encryption and use an SSL/TLS secure tunnel to transfer data between your app and our API.
Our development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
Two-factor authentication and strong password controls are required for administrative access to systems.
What are my options when it comes to sharing data?
Right now, the options to share your banking details are either to download and email your official bank statements, which is inconvenient and more vulnerable to fraud, or to grant read-only access to your internet banking through a process known as digital data capture (what Basiq uses).
The Australian government has also begun to roll out the Consumer Data Right in the banking sector, which will allow you to ask for your data to be shared with trusted recipients. The CDR is still in its pilot phase and most banks do not yet offer the option to share your banking data in this way. In the meantime, Basiq will allow you to continue accessing services that help you reach saving goals, budget effectively, get better financial advice and more, in a secure way.
Get in touch with our team through the messenger in the right-hand corner 👉
Till next time 👋
The Basiq Team