Security is in our DNA at all times
Our proactive approach to protecting data decreases the risk of security incidents and increases peace of mind when enabling financial data and payment access.
Best-Practices in Practice
We apply industry best practices to handle your money and data. Strict organizational measures, access controls, encryption and infrastructure security practices enable Finverse to securely move money and handle financial data.
Finverse implements a comprehensive set of security policies, reviewed and accepted annually by all employees and contractors, which include the following measures:
✦ Annual security awareness training
✦ Multi-factor Authentication (MFA) for all system access, including physical security keys
✦ Granular, fully-auditable access controls
✦ Processes to ensure timely granting and revoking of access privileges
✦ Workstation antivirus and endpoint compliance systems
API traffic secured by HTTPS with industry-standard ciphers
Customers can view and rotate API keys through Finverse’s customer dashboard
Secure SDLC (Software Development Lifecycle)
We perform comprehensive scanning in our application development, including static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA).
We maintain a stringent change management system to ensure code quality, accountability, and separation of duties.
Finverse operates a vulnerability discovery rewards program. If you believe you have discovered a vulnerability or would like to participate in our rewards program, please reach out to [email protected].
Governance, Risk, Compliance, and Privacy
Finverse implements security controls mapped to ISO 27001 standards and monitored through a leading 3rd-party compliance and security automation platform, which continuously monitors our systems, tools and employees to help us remain compliant and improve our security posture over time.
Finverse implements significant infrastructure-level security measures to ensure system security, integrity and availability, including:
✦ Industry-standard system hardening and security best practices (such as CIS) to avoid misconfigurations and weak security configurations
✦ Extensive use of secret and encryption key management solutions to ensure appropriate handling of access configurations and sensitive data
✦ Continuous monitoring of our infrastructure and codebase using industry-standard security scanners to ensure our infrastructure and resources are securely configured and any vulnerabilities are quickly discovered and remediated
✦ Continuous monitoring of public information for new vulnerabilities and threat actors
✦ System access provisioned according to the Principle of Least Privilege. Elevated permissions are granted on a per-user basis, tightly scoped, and automatically revoked.
✦ Infrastructure changes vetted through change controls which ensure updates are reviewed, scanned for security issues, tested, approved, logged, and audited
✦ Data backups to ensure operational continuity
Granular team member roles in Finverse’s customer dashboard allow team owners to tightly control access scopes and minimize the risk of human errors and bad actors
Encryption and Authentication
✦ Strong encryption in transit (≥TLS 1.2) and at rest (≥AES 256 bit)
✦ Authentication for customer API integrations via API keys
✦ Authentication for Finverse’s customer dashboard via Auth0, a leading 3rd party access management platform, supporting common single sign-on (SSO) and social login methods