How Banked handles security


Merchants can setup their account using the Banked Console, in doing so we recommend the enablement of two factor authentication in Settings > Security. This adds an additional layer of security to your account by requiring more than just a password to log in.

Transport Security

All data served uses HTTPS. We frequenty audit our security configuration to ensure that our certificates and configuration are up to date. Our API Authentication supports secure connection either via Basic Authentication or OAuth for enterprise customers. Keys and secrets can be generated / revoked through your Console account.

We have a section dedicated to authentication here if you need web or app based authentication.

Data Encryption

All data is encrypted at rest with AES-256 block-level storage encryption. Backups are generated continuously and stored in an external replicated storage system.


The second Payment Service Directive (or PSD2) increases security and encryption standards, Banked doesn't do "screen scraping" or API reverse engineering, we follow the Strong Customer Authentication (SCA) approach, we only use open/public API that are PSD2 compliant.

Open banking relies on tokenization, therefore customers only share their consent - not credentials - to third party providers, Banked never store customer credentials.


Banked is regulated by the Financial Conduct Authority. Banked has achieved Cyber Essentials Plus certification.