To do this, we supply a UI that securely receives a customer's online banking credentials and uses them to fetch a list of eligible bank accounts for the customer to select from. This ensures that not only are the bank account details correct but that the customer has access to this bank account.
- No caching of requests is performed on our servers
- We do not capture or store usernames or passwords
- We utilise the highest standards of encryption
During a Split transaction, no one can access or see your internet banking login credentials. All communication via Split takes place using HTTPS transport level security and no sensitive information is stored (not even cached).
In order to maintain our high-security standards, Split Payments has undertaken the following:
- We use a proxy server between the customer and the internet banking site, which has advanced security against DNS poisoning and other threats.
- We have numerous server-side transaction integrity checks to ensure no tampering
- Our development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
- Only required personnel have access to the production environment
- Our physical infrastructure is hosted and managed in an ISO 27001, SOC 1 & SOC 2, PCI Level 1, FISMA Moderate and SOX certified data centre.
- We conduct behavioural monitoring, vulnerability assessment, SIEM and intrusion detection to detect threats and keep our system safe and secure.
- Firewalls are utilised to restrict access to systems from external networks and between systems internally.