We use 256 bit encryption, the same encryption that banks use – but what does this mean?


256 bit AES (Advanced Encryption Standard) encryption means 2256 – an incredibly vast number – roughly equal to 1060 (10 followed by 60 zeros) – that lists the possible encryption combinations that your data has been encoded with – that hackers would have to sort through in order to decrypt your information. The most powerful computers would take many years to crunch through that many combinations. It’s never been done.

We use specific industry-standard defences to combat cyber-attack attempts to intercept instructions going to and from our servers (so-called Man-in-the-middle or Replay attacks). We will be happy to provide more information on this if requested. It’s too long an explanation for a website page!

Data hosting:

Our servers are located in London, hosted by Digital Ocean Inc/Equinix, who are fully ISO 27001:2005 and 2013 (Information Security Management System Standard) compliant – the most widely-accepted certification available for supporting information and physical security and business continuity.

We do not store your bank logins on our server: they are stored on a separate server by our technology partner where they are programmed to login weekly to read your qualifying transactions – websites that tell you they do not store your bank logins are not strictly telling the truth. But as explained, encryption provides total protection.

So how do bank accounts get hacked?

The simple answer is – not by hacking your bank logins. After all, even if someone did know your logins and got into your account, they could only pay someone already on you payee list – not themselves, so it wouldn’t be much use to them.

Bank accounts are hacked via debit cards. A July 2016 report by Which? Consumers magazine entitled “Online Banking – How safe is online banking?” lists six risks:

1. Remote purchase or ‘card not present’ fraud

2. Counterfeit (cloned/skimmed card) fraud

3. Fraud on lost or stolen cards

4. Card identity theft

5. Card non-receipt (in post)

6. Phishing/vishing

So the five main ways are directly related to debit cards – not online banking itself. Keep your PIN and card details safe! The sixth, phishing, is when you are deceived into giving out your card or security details to a fraudster, who then uses to them take money from your account. So be careful opening un-recognised emails or website links.

We do not ask you for card or PIN details.