Belvo

How Belvo
handles security

Security is a top priority at Belvo. Our platform uses the highest security standards to protect our customers’ account information and their privacy at every step of the process.

Data handling and encryption are key pillars of the Belvo platform

Encryption built from scratch with bank-grade standards

Belvo is a safe platform that was designed from the ground up to store and encrypt banking credentials. We use strong symmetric encryption algorithms, with timestamping and anti-tampering capabilities. For symmetric encryption and credentials storage, we use the battle-tested AES cipher. For message authentication, we use HMAC and SHA256.

At all points in time, Belvo encrypts data in-flight and at rest using strong encryption. The following diagram illustrates the link creation flow and the encryption capabilities implemented by Belvo:

Belvo Link Creation Flow

Enterprise-grade compliance: ISO 27001

As part of our commitment towards best-in-class international security standards, we use bank-grade security standards and we adhere to and comply with privacy, security, and regulatory best practices. 

Belvo has obtained a certificate of registration that assesses the company’s conformity with the requirements of ISO/IEC 27001:2013, the most rigorous global security standard for information security management systems (ISMS).

This ISO 27001 certificate, issued by an external auditor, acknowledges that Belvo complies with more than 100 security requirements for the safe implementation of an ISMS defined by ISO. 

These include a set of processes, policies, and mechanisms that guarantee the confidentiality, integrity, and availability of the company’s data at all times. 

ISO 27001 covers all of our company’s operations, including all product lines, processes, human resources security, data management, communications, and supply chain management. 

The company is also in the process of becoming PCI-DSS certified. 

Best-in-class security infrastructure

Where is Belvo’s infrastructure hosted?

Our infrastructure is hosted on Amazon Web Services (AWS). AWS is currently the gold standard in terms of data center security and availability, with strict access control measures and multiple redundancies that guarantee the uninterrupted operations of Belvo’s services.

We deploy our infrastructure in three redundant data centers and have an automated, zero-downtime failover mechanism in the unlikely case of a data center outage.

Our Datacenters comply with major compliance and regulation programs, including ISO 27001, PCI-DSS, and SOC 2.

Transmission security is at the core of our infrastructure

All data served over our REST API uses HTTPS. Data is always encrypted in transit and at rest. We follow SSL best practices, including HSTS and TLS cipher suite configuration. Belvo scores an A+ in the Qualys SSL Test.

Highly-rigorous standards in product and corporate security

Some examples include:


Superior technology in data extraction at the cornerstone of our platform’s security

How does Belvo connect with data sources to retrieve data?

Belvo employs proprietary technology and takes a novel approach to data retrieval and normalization at scale. Our technology relies on accessing the underlying APIs used by mobile banking apps and online banking websites. This is in contrast with screen scraping, which is a less sophisticated approach relying on mimicking website navigation – which is slower, more fragile, and prone to errors.

The benefits of our approach include:


Questions about security?

If you have any additional questions about security at Belvo, please contact security@belvo.com.