How Salt Edge security works
Salt Edge is a leading global open banking solution provider with a proactive approach to information security. The company maintains a constantly evolving information security management system, which includes internal policies, regular audits, comprehensive instructions and documentation on “why” and “how” the information assets are protected. Salt Edge is ISO 27001 certified in the scope of “developing, managing, and providing financial IT services”, as well as PCI DSS compliant, which represents a guarantee of high security requirements and standards.
Credentials transfer and storage
Salt Edge uses multiple encryption layers as well as tokenisation technology to protect the most valuable data in our possession. The entire communication is done via TLS encrypted channels. The credentials are encrypted at least twice and they can be accessed only with one-time tokens. That means that if there is a breach in transmission, or if the public-facing Salt Edge API servers are compromised, the attackers will not be able to read the credentials.
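The layering described above, as an added illustration that is not Salt Edge's own code: two encryption layers whose keys are held by different tiers, so a compromised public-facing API server recovers only the inner ciphertext, plus a one-time retrieval token that is consumed on first use. The cipher is a toy HMAC-SHA256 keystream standing in for a real AEAD, and the class and function names are assumptions.

```python
import hashlib
import hmac
import os
import secrets

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with an HMAC-SHA256 counter keystream. Stand-in for a
    real AEAD such as AES-GCM so the example runs with the standard library."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)                # fresh nonce per encryption
    return nonce + _keystream_xor(key, nonce, data)

def open_(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:16], blob[16:])

class CredentialVault:
    def __init__(self, api_key: bytes, vault_key: bytes):
        self.api_key = api_key      # key held by the public-facing API tier
        self.vault_key = vault_key  # key held only by the isolated vault tier
        self.records = {}           # record_id -> doubly-encrypted blob
        self.tokens = {}            # one-time token -> record_id

    def store(self, credential: bytes) -> str:
        inner = seal(self.vault_key, credential)  # layer 1: vault key
        outer = seal(self.api_key, inner)         # layer 2: API-tier key
        record_id = secrets.token_hex(8)
        self.records[record_id] = outer
        return record_id

    def issue_token(self, record_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self.tokens[token] = record_id
        return token

    def redeem(self, token: str) -> bytes:
        record_id = self.tokens.pop(token)  # consumed here; replay raises KeyError
        inner = open_(self.api_key, self.records[record_id])
        return open_(self.vault_key, inner)

def api_tier_exposure(vault: CredentialVault, record_id: str) -> bytes:
    """What a compromised API server (API key + stored blob, no vault key) sees."""
    return open_(vault.api_key, vault.records[record_id])
```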
Infrastructure security
Salt Edge uses multiple defensive layers in order to protect end-customer data. Access to the company systems requires multi-factor authentication. The databases are both physically and logically protected from general employee access. All employees sign a non-disclosure agreement and go through a background and criminal records check before starting work. Once new staff members are hired, they go through a rigorous educational program about security and privacy of data. All company visitors are escorted by authorised personnel.
Salt Edge regularly performs internal and external penetration tests in order to identify the risks related to its network, service security, and the processes around its networks and applications. In order to ensure information system uptime, data integrity and availability, and business continuity, Salt Edge has implemented a Business Continuity/Disaster Recovery Plan.
Performance
Salt Edge serves hundreds of thousands of end-customers on a daily basis. Therefore, one of the company’s top priorities is to ensure a consistent and fluid user experience. The company’s engineers take a data-driven approach to performance by collecting a wide range of metrics from logs. Performance enhancement is a never-ending process. Salt Edge ensures a 99th percentile HTTP response time of 250 ms for all its public endpoints.
Monitoring
The DevOps team is extensively monitoring the company’s systems and services to ensure that all products have stellar availability and performance. Besides the automated and data-driven tools for monitoring, there is also a 24/7 incident reporting channel available to clients, which can be used to notify Salt Edge for immediate action.
General Data Protection Regulation (GDPR)
Salt Edge handles personal data of end-customers located worldwide, including individuals residing within the EU. Therefore, the company’s data processing standards make the utmost effort to ensure compliance with GDPR, the most impactful change in data privacy regulation of the past 20 years. GDPR is a regulation issued by the European Commission, the European Parliament, and the Council of Ministers of the European Union, with the goal of improving the protection of personal data within the European Union. Being compliant with the GDPR means that the security and privacy of the provided services are always at the forefront of Salt Edge’s business.
Revised Payment Services Directive (PSD2)
Salt Edge is part of the global financial technology industry. A significant portion of the company’s clients are based and active in the European Union. Being AISP licensed under PSD2 means that Salt Edge has to maintain a high level of security and privacy with respect to its services, servers, data centers, networks, employees, policies and business processes.
ISO/IEC 27001:2022
ISO/IEC 27001:2022 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. Being ISO 27001 certified in the scope of “developing, managing, and providing financial IT services”, Salt Edge demonstrates that its services meet the expectations of its customers and that data is handled in accordance with the highest international security requirements and standards.
SOC 2 (System and Organization Controls 2)
SOC 2 is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It assesses how well a service organization manages data to protect the privacy and interests of its clients.