We take security very seriously.

Here’s what we do to earn your trust – and why.

These are some of the locks and checks that make using 22seven safe.


Entrust

Your information is always encrypted, and nobody sees your PINs.

256-bit encryption, certified by Entrust, keeps your information indecipherable and private. It’s never seen by human eyes. We also have additional technical, operational and physical controls in place.

22seven AIG insured

You can feel reassured because we’re insured.

22seven is insured by AIG. So if your information is compromised (which we never expect to happen) and you lose money as a result, we’re covered and will refund you.



22seven and Yodlee

We’ve partnered with the best.

We use a company called Yodlee to gather your information because they pioneered and still lead their field. They hold 45 technology patents that protect how they access and present information. 7 of the top 10 US financial institutions trust them, as do over 40 million people around the world.

Bank

We use the same security measures as your bank does.

22seven adheres to the same procedures and standards used by banks, the military and governments around the world. Our security is also regularly, independently reviewed and audited by industry experts.


How your account login details are kept safe.

The usernames, passwords and other authentication information you provide to us are passed, in encrypted format, directly through to Yodlee – our information aggregation partner. 22seven never stores them. Yodlee stores them in encrypted format and only the system that actually collects your information is able to decrypt them when required to do so. At no time can 22seven or Yodlee staff access your credentials. Yodlee’s security overview provides more information on their security.

How your information is kept secure while travelling over the internet.

All information that is transferred over the Internet between your computer or device and our servers is encrypted using 256-bit encryption. We use an Extended Validation SSL certificate provided by Entrust - a globally trusted digital certificate authority. This ensures that, even if intercepted, your information remains protected. In addition, all information transferred between our servers and those of our service providers, like Yodlee, is encrypted. This ensures that at no time is your information visible in clear-text whilst in transit.

How your sensitive personal information is kept secure when it’s stored.

Over and above the physical and technical controls we have in place to secure our database that stores all your information, we encrypt all information that uniquely identifies you (e.g. email address) before we store it. This means that your information is completely indecipherable in our database. We have technical and procedural controls in place to ensure that in the normal course of business only our systems are able to decrypt this information and, in an emergency, a very limited number of system administrators with segregated duties.

How the physical servers that hold your information are secured.

All our servers are hosted in a secure Internet hosting facility operated by an industry-leading hosting-provider. Their facilities are certified against the internationally recognised ISO27001 security standard and validated under the Payment Card Industry Data Security Standard (PCI DSS).

Who has access to the servers and other technology that holds your information.

Access to our servers, databases and other infrastructure as well as internal systems is very tightly restricted. Only the 22seven team members who absolutely have to have access are able to do so. We regularly review each individual’s access rights and make necessary changes to ensure that we adhere to our ‘only the information you need’ policy.

How we know our security is up to standard.

We regularly have our security posture reviewed by industry-experts. These assessments look at the security of our technical infrastructure (servers, firewalls, networks etc.), our applications (including our website and internal systems) as well as our software development and deployment standards and practices. We immediately address any areas that pose a viable security risk.

How we’re insured.

22seven is covered by AIG, one of the world’s leading insurers. If data or information that you’ve entrusted to us is lost, stolen or compromised because of something we or Yodlee did (or didn’t do), and money is stolen from you because of it, we’re insured and will refund you. If you have a claim, it needs to be validated, and we will help you with the investigation.

question icon

If you have questions, however simple or technical, we’d like to answer them. Please email us.