Here’s what we do to earn your trust – and why.
Your information is always encrypted, and nobody sees your PINs.
256-bit encryption, certified by Entrust, keeps your information indecipherable and private. It’s never seen by human eyes. We also have additional technical, operational and physical controls in place.
You can feel reassured because we’re insured.
22seven is insured by AIG. So if your information is compromised (which we never expect to happen) and you lose money as a result, we’re covered and will refund you.
We’ve partnered with the best.
We use a company called Yodlee to gather your information because they pioneered and still lead their field. They hold 45 technology patents that protect how they access and present information. 7 of the top 10 US financial institutions trust them, as do over 40 million people around the world.
We use the same security measures as your bank does.
22seven adheres to the same procedures and standards used by banks, the military and governments around the world. Our security is also regularly, independently reviewed and audited by industry experts.
The usernames, passwords and other authentication information you provide to us are passed, in encrypted format, directly through to Yodlee – our information aggregation partner. 22seven never stores them. Yodlee stores them in encrypted format and only the system that actually collects your information is able to decrypt them when required to do so. At no time can 22seven or Yodlee staff access your credentials. Yodlee’s security overview provides more information on their security.
All information that is transferred over the Internet between your computer or device and our servers is encrypted using 256-bit encryption. We use an Extended Validation SSL certificate provided by Entrust - a globally trusted digital certificate authority. This ensures that, even if intercepted, your information remains protected. In addition, all information transferred between our servers and those of our service providers, like Yodlee, is encrypted. This ensures that at no time is your information visible in clear-text whilst in transit.
Over and above the physical and technical controls we have in place to secure our database that stores all your information, we encrypt all information that uniquely identifies you (e.g. email address) before we store it. This means that your information is completely indecipherable in our database. We have technical and procedural controls in place to ensure that in the normal course of business only our systems are able to decrypt this information and, in an emergency, a very limited number of system administrators with segregated duties.
All our servers are hosted in a secure Internet hosting facility operated by an industry-leading hosting-provider. Their facilities are certified against the internationally recognised ISO27001 security standard and validated under the Payment Card Industry Data Security Standard (PCI DSS).
Access to our servers, databases and other infrastructure as well as internal systems is very tightly restricted. Only the 22seven team members who absolutely have to have access are able to do so. We regularly review each individual’s access rights and make necessary changes to ensure that we adhere to our ‘only the information you need’ policy.
We regularly have our security posture reviewed by industry-experts. These assessments look at the security of our technical infrastructure (servers, firewalls, networks etc.), our applications (including our website and internal systems) as well as our software development and deployment standards and practices. We immediately address any areas that pose a viable security risk.
22seven is covered by AIG, one of the world’s leading insurers. If data or information that you’ve entrusted to us is lost, stolen or compromised because of something we or Yodlee did (or didn’t do), and money is stolen from you because of it, we’re insured and will refund you. If you have a claim, it needs to be validated, and we will help you with the investigation.