Transport Security
All data is served over HTTPS. We frequently audit our security configuration to ensure that our certificates and settings are up to date. Access to our API is secured using the OAuth 2.0 authorization framework. API keys and secrets are provided during onboarding.
For details, see the authentication page.
Data Encryption
All data is encrypted at rest with AES-256 block-level storage encryption. Backups are generated continuously and stored in an external replicated storage system.
PSD2
The second Payment Services Directive (PSD2) increases security and encryption standards. Banked doesn't do "screen scraping" or API reverse engineering. We follow the Strong Customer Authentication (SCA) approach, and only use open/public APIs that are PSD2 compliant.
Open banking relies on tokenization; therefore, customers share only their consent, not their credentials, with third-party providers. Banked never stores customer credentials.
Regulation
Banked is regulated by the Financial Conduct Authority. Banked has achieved Cyber Essentials Plus certification.