FinLocker holds security and privacy as a top priority for consumers and our customers. We implement strong security practices similar to those implemented at top financial institutions. We examine best practices, monitor the existing landscape, and engage third-party consultants to constantly challenge our thinking. We invest in upgrading and enhancing FinLocker security and technology based on the changing threat landscape. We safeguard your information with bank-level security such as AES 256-bit TLS encryption and other leading defense-in-depth security controls.
All Personally Identifiable Information (PII) or potential PII data is encrypted in memory, in transit, and at rest. We use TLS 1.2 (Transport Layer Security) transmitting data between your browser and FinLocker and between FinLocker and our partners. Then transmitting and storing data internally, we use AES (Advanced Encryption Standards) encryption which is one of the highest strength encryption technologies available. FinLocker uses the strongest version of AES known as AES-256.
Password and Account Protection
All data is processed and stored in Microsoft Azure U.S. data centers. Microsoft takes a layered approach to physical security, to reduce the risk of unauthorized users gaining physical access to data and datacenter resources. Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the data center floor.
Firewalls and Other Security Precautions
FinLocker has a variety of state of the art technologies to protect the consumer’s information such as firewalls, intrusion prevention systems, inherent security and monitoring by Microsoft of the Azure data centers, networks, and servers.
FinLocker annual audits such as the SOC 2 Type 2 audit which tests the effectiveness of a service provider’s (FinLocker’s) security, confidentiality, and operational controls. The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Controls (SOC) framework, a framework for controls that safeguard the confidentiality and privacy of information stored and processed by a service provider.
External Security Assessments
FinLocker utilizes independent, third-party security experts to assess our system for vulnerabilities and validate appropriate security controls and protection. Several types of tests are performed on a recurring basis including web application vulnerability assessments and external penetration tests.