Securely sharing your data with Basiq
We often get questions on whether it’s safe to share your data using Basiq, so we put together some detailed info on how we handle your data.
First thing’s first…
Nope, we can’t do anything with your money… 🙅♀️🙅♂️
All data is read-only so we can report on your accounts and transactions but that’s it.
No longer need a product/ service? We’ll delete your data 🚮
As long as the Fintech app (or the company’s app you are using) lets us know they don’t need your data anymore we’ll delete it. We’ve never sold any data shared by customers and never will.
Where’s my data stored? 🔐
All data is stored in AWS data centres in Sydney and Melbourne using AES-256 envelope encryption which means that each connection is encrypted with its own key.
Yes, we’re just as safe as your bank 🏦
Our infrastructure is hosted and managed in an ISO 27001, SOC 1 & SOC 2, PCI Level 1, FISMA Moderate and SOX certified data centre… In layman’s terms, your data is stored in the same way as data in the most highly regulated organisations around the world.
How is the data shared?
Basiq supports two data access mechanisms, once you as a consumer have consented to the sharing of data. One is via a web connection, the other is via Open Banking.
What is the Web Connection?
Web connection uses the same method and services that you use to login to your internet banking portal. To connect your bank is simple and secure, you simply select your bank from the list of available institutions and then login to establish a connection between your bank and the financial service. As mentioned in a previous section, Basiq never sees that information, but providing it is critical to allow the application you are using to read your data.
What is Open Banking?
Open Banking is a new Government initiative that enables accredited financial service providers to securely access your data. Open Banking provides the greatest level of control and permissioning for your data providing you greater visibility and control. When using Open Banking to share your data there are few more steps involved. You will be required to consent to the sharing your data, and then select your institution.
Unlike the web connection method, once an institution has been selected you will be redirected to your bank to complete the connection setup. All parties involved in this process are accredited by the Australian Government and vetted to ensure that they have the appropriate security and compliance controls in place.
Want to learn more? Check out our Definitive Guide to Open Banking in Australia.
To sum up: both methods of data sharing are incredibly secure, highly governed and regulated, and something Basiq approaches with the utmost security and consumer privacy in mind.
The Technical Deets
How do we make sure your data is safe?
We are ISO 27001 certified, use the same data centres trusted by the most highly-regulated organisations in the world and are regularly audited and assessed by third parties.
|Secure environment||Our physical infrastructure is hosted and managed in ISO 27001, SOC 1 & SOC 2, PCI Level 1, FISMA Moderate and SOX certified data centres based in Sydney and Melbourne.|
|Restricted Network Access||We use firewalls to restrict access to systems from external networks and between systems internally.|
|Real-time Monitoring||We conduct behavioural monitoring, vulnerability assessment, SIEM and intrusion detection to detect threats.|
|Data Encryption||We store data at rest using 256-bit AES encryption and use an SSL/TLS secure tunnel to transfer data between your app and our API.|
|Secure Development||Our development follows industry-standard secure coding guidelines, such as those recommended by OWASP.|
|Multi-factor Authentication||Two-factor authentication and strong password controls are required for administrative access to systems.|
More questions? Feel free to head over to basiq.io and chat to one of our friendly support teams at email@example.com