How Belvo keeps financial data secure
We are aware of the criticality of financial data. Trust, safety, and security are core values of Belvo. Learn more about our information security program and how we’re building an open finance platform in Latin America with security at heart.
Enabling secure open finance models
One of the main goals of open finance models is to let users share their financial data in a safe, frictionless, and permissioned way (whenever they decide to, with the companies they choose) to access better financial services and make bank-to-bank payments.
Our platform has been designed from scratch to make this possible: secure protocols, mechanisms, and state-of-the-art technologies are put in place at every step of the process of connecting and processing financial data and moving money to ensure that it is always safe and protected.
And we’ll continue to do so. We constantly research, develop, and deploy new security measures to make our product, our company, and open finance better and safer every day.
Data is always secure and private
Our platform was developed from the ground up to store and protect financial information and banking credentials: data never enters or leaves Belvo without being encrypted. We apply security-by-default and privacy-by-default practices in the development of our products.
Data management procedures
We employ a robust set of policies focused on describing roles, responsibilities, and access levels for each data category, focusing on least privilege and need-to-know principles.
Encryption in transit
All network communication with Belvo is encrypted using TLS and secure ciphers. Belvo’s TLS configuration aims for A+ ratings in industry benchmarks like Qualys SSL.
Encryption at rest
All persistent data is encrypted at rest using industry-standard AES-256 encryption, leveraging AWS services for storage and encryption.
Enterprise-grade security and compliance standards
Belvo uses state-of-the-art protocols and follows regulatory best practices to protect the account information and privacy of our customers.
Belvo was the first open finance API platform in Latin America to obtain the ISO/IEC 27001:2013 certification and is aiming to become PCI-DSS certified.
This certifies that Belvo complies with more than 100 security requirements for the implementation of an information security management system.
ISO 27001 covers all of our company’s operations, including all product lines, processes, human resources security, data management, communications, and supply chain management.
Constant monitoring and security policies
We have implemented a state-of-the-art information security program throughout the company and we audit and test our platform on an ongoing basis.
Third-party penetration tests
Third-party penetration tests are regularly conducted against our platform.
We carry out periodic threat assessments and ongoing risk management using experienced staff and robust processes.
Around-the-clock monitoring and detection
Our real-time alert system detects and analyzes security signals in our logs.
Policies and culture
We apply strict information security policies throughout the company and we train our team on an ongoing basis.
Belvo has a dedicated security team focusing on the security of our products, our company, and the data of our customers.
Bug bounty program
Belvo believes in collaboration with the security research community and has a Bug Bounty program in place.
Strong data encryption
We use strong cryptography in compliance with NIST guidelines.
We apply two-factor authentication for all internal systems.
Infrastructure and application security
Best-in-class cloud infrastructure
Belvo leverages Amazon Web Services (AWS) for its infrastructure and hosting needs. AWS is the gold standard in terms of data center security and availability, with strict access control measures and multiple redundancies that guarantee the uninterrupted operation of Belvo’s services.
Compliant and redundant data centers
We deploy our infrastructure in three redundant data centers and have an automated, zero-downtime failover mechanism in the unlikely case of a data center outage. Our data centers comply with major compliance and regulation programs, including ISO 27001, PCI-DSS, and SOC 2.
Belvo employs strict network segmentation and segregation following the principle of least privilege, as well as network firewalls provided by AWS along with industry-leading Web Application Firewalls (WAF).
Questions about security?
If you have any additional questions about security at Belvo, please contact [email protected]