Belvo

How Belvo keeps financial data secure

We are aware of the criticality of financial data. Trust, safety, and security are core values of Belvo. Learn more about our information security program and how we’re building an Open Finance platform in Latin America with security at heart. 

Safe data sharing and processing

Enabling secure Open Finance models

One of the main goals of Open Finance models is to enable users to share their financial data in a safe, frictionless and permissioned way (whenever they decide to, with the companies they choose) to access better financial services.

Our platform has been designed from scratch to make this possible: secure protocols, mechanisms, and state-of-the-art technologies are put in place at every step of the process of connecting and processing financial data to ensure that it is always safe and protected.

And we’ll continue to do so. We constantly research, develop, and deploy new security measures to make our product, our company, and Open Finance better and safer every day.

HOW WE HANDLE DATA

Data is always secure and private

Our platform was developed from the ground up to store and protect financial information and banking credentials: data never enters or leaves Belvo without being encrypted. We apply security-by-default and privacy-by-default practices in the development of our products.

Data management procedures

We employ a robust set of policies that describe roles, responsibilities, and access levels for each data category, based on least privilege and need-to-know principles.

Encryption in transit

All network communication with Belvo is encrypted using TLS and secure ciphers. Belvo’s TLS configuration aims for A+ ratings in industry benchmarks like Qualys SSL.

Encryption at rest

All persistent data is encrypted at rest using industry-standard AES-256 encryption, leveraging AWS services for storage and encryption.

CERTIFICATIONS AND STANDARDS

Enterprise-grade security and compliance standards

Belvo uses state-of-the-art protocols and follows regulatory best practices to protect the account information and privacy of our customers.

Belvo was the first open finance API platform in Latin America to obtain the ISO/IEC 27001:2013 certification and is aiming to become PCI-DSS certified.

The ISO/IEC 27001 certification confirms that Belvo complies with more than 100 security requirements for the implementation of an information security management system.

ISO 27001 covers all of our company’s operations, including all product lines, processes, human resources security, data management, communications, and supply chain management.

Constant monitoring and security policies

We have implemented a state-of-the-art information security program throughout the company and we audit and test our platform on an ongoing basis.

Third-party penetration tests

Third-party penetration tests are regularly conducted against our platform.

Periodic tests

We carry out periodic threat assessments and ongoing risk management using experienced staff and robust processes.

Around-the-clock monitoring and detection

Our real-time alert system detects and analyzes security signals in our logs.

Policies and culture

We apply strict information security policies throughout the company and we train our team on an ongoing basis.

Security team

Belvo has a dedicated security team focusing on the security of our products, our company, and the data of our customers.

Bug bounty program

Belvo believes in collaboration with the security research community and has a Bug Bounty program in place.

Strong data encryption

We use strong cryptography in compliance with NIST guidelines.

Strong authentication

We apply two-factor authentication for all internal systems.

Infrastructure and application security

Best-in-class cloud infrastructure

Belvo leverages Amazon Web Services (AWS) for its infrastructure and hosting needs. AWS is the gold standard in terms of data center security and availability, with strict access control measures and multiple redundancies that guarantee the uninterrupted operations of Belvo’s services.

Compliant and redundant data centers

We deploy our infrastructure in three redundant data centers and have an automated, zero-downtime failover mechanism in the unlikely case of a data center outage. Our data centers comply with major compliance and regulation programs, including ISO 27001, PCI-DSS, and SOC 2.

Network security

Belvo employs strict network segmentation and segregation following the principle of least privilege, as well as network firewalls provided by AWS along with industry-leading Web Application Firewalls (WAF).

Questions about security?

If you have any additional questions about security at Belvo, please contact [email protected]