Cybersecurity serves as a foundational pillar in TurnKey Lender's global success across the business sector. Our innovative solutions manage substantial financial transactions for clients in over 50 countries, underscoring the significant trust placed in our capabilities. Acknowledging this trust's value, we prioritize maintaining the highest security standards for our products. From inception, we have dedicated considerable research and development resources to safeguard our products against unauthorized access, ensuring robust protection against hackers, scams, phishing, and fraud attempts.
Below, we present an overview of TurnKey Lender's security measures and accolades, highlighting our commitment to cybersecurity (within the bounds of what we are permitted to disclose). These initiatives are designed to provide peace of mind regarding the safety and integrity of our solutions:
API Clients: For integrations with third-party products and services, TurnKey Lender generates unique secret keys for each connection. This ensures granular control over data access and enables quick disconnection from risky integrations.
Software Architecture Compliance: Our software architecture adheres to the National Institute of Standards and Technology (NIST) guidelines for secure web services, ensuring robust and reliable security measures are in place.
Sanction Screening: Utilization of OpenSanctions (OFAC) lists aids in preventing business interactions with sanctioned or blacklisted individuals and entities worldwide.
API Clients - when integrating with third-party products and services, TurnKey Lender generates unique secret keys for each case. This helps make sure that you're always in control of who gets access to what data and can cut the cord on a risky integration in a matter of seconds.
ISO 27001 - TurnKey Lender is an ISO 27001:2013 certified company (see attachment). This certificate confirms that all the development, testing and customer data processing processes comply with the policies and procedures of ISO 27001:2013.
NIST - Our software architecture is built in compliance with the NIST (National Institute of Standards and Technology) guidelines (Guide to Secure Web Services)
OWASP - TurnKey Lender products comply with OWASP Application Security Verification Standards. The software meets the requirements for identification, authentication, authorization, integrity, non-repudiation, confidentiality, and privacy.
OpenSanctions (OFAC) - TurnKey Lender uses the OpenSanctions (OFAC) lists to help lenders avoid doing business with sanctioned and blacklisted people and companies around the globe.
User permissions' - user permissions' management in TurnKey Lender allows you to grant users access rights only to the workplaces and data they need in their day-to-day work. This helps minimize risks of compromising operation's security no matter how many employees you may have.
GDPR-compliance - Default Privacy Notice comes built-in with the System and is drafted exclusively for TurnKey Lender Clients. All end-user rights are implemented to adhere to the GDPR rules (e.g. opt-in consent system and the right to be forgotten).
Adjustable password strength - you can set your own requirements for required password strength. It is set via the configuration file and is not available from back-office. Please, get in touch with your TurnKey Lender manager to change these settings.
Two-factor authentication - two-factor authentication is enabled and set up via the configuration file and is not available from back-office. Please, get in touch with your TurnKey Lender manager to change these settings.
The web application is protected against XSS, scripts, SQL injections, and other common cyberattack types.
Sensitive information is only sent to the servers via the HTTPS protocol as per the best practices accepted on the web.
Sensitive information is processed on the server-side only.
All passwords are encrypted and then stored in the database as Salted Hash (cryptographic security measure).
Two-factor authentication support comes built-in in the System and is encouraged.
Password management policies can be flexibly adjusted to your operation's needs and are fully customizable.
The System supports temporary user lockout. It takes place after multiple consequent failed authentication attempts.
The System is enhanced with anti-DDoS throttling protection.
The certificate (attached below) is to confirm that all processes of development, testing, and customer data processing comply with the policies and procedures of ISO 27001:2013.
Furthermore, we employ a certified ISO 27001 auditor, who has a Ph.D. in Cyber Security. He constantly supervises our operation and guarantees that our new features and releases are fully compliant with ISO 27001.