Account Aggregation Technology
Reaching New Heights
Check Images (from Bank Accounts)
Physical Financial Statement
6 Months of Bank Statements
Rock Solid Data Security
256 bits Data Encryption Extremely difficult to identify password
3 Fail Lockout Policy (i.e. when the user enters the password 3x incorrectly)
Complex length and character password requirements + 90 day expiration
Continuously adding layers of security upon increasing product development
Application security implementations:
– Users control if/when account passwords are saved.
– Passwords encrypted using AES 256.
– Encryption key is the user’s password and stored in memory, not persisted.
– Role-based access (administrator, customer, developer and user).
– Password complexity and strength (minimum of 4 letters, 4 numbers and 1 symbol, case sensitive).
– Password history (cannot use the past 6).
– Password expiration (expires every 90 days).
– IP access origin can be restricted by customer.
– Read-only access to financial institutions.
– Detail access, log and exception handling.
– Security events notification.
– Same-origin policy.
– Session ID randomically generated, non-repeating, 7.9E+28 combinations.
– Session expiration.
– Data backups stored in a separated physical location.
– No SQL injection possible, all parameters passed via “binding”.