Cyber Security at TurnKey Lender

Cybersecurity serves as a foundational pillar in TurnKey Lender's global success across the business sector. Our innovative solutions manage substantial financial transactions for clients in over 50 countries, underscoring the significant trust placed in our capabilities. Acknowledging this trust's value, we prioritize maintaining the highest security standards for our products. From inception, we have dedicated considerable research and development resources to safeguard our products against unauthorized access, ensuring robust protection against hackers, scams, phishing, and fraud attempts.

Below, we present an overview of TurnKey Lender's security measures and accolades, highlighting our commitment to cybersecurity (within the bounds of what we are permitted to disclose). These initiatives are designed to provide peace of mind regarding the safety and integrity of our solutions:

Guidelines and Standards Compliance

Adhering to global guidelines and standards is not just a regulatory requirement but a commitment to excellence and trustworthiness. These are some of the common standards and guidelines important for TurnKey Lender products and services.

ISO 27001 Certification

ISO 27001 is an international standard for information security management systems (ISMS), first published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005. It provides guidance on establishing, implementing, maintaining, and continually improving an information security management system, and it outlines a framework for organizations to manage the security of assets such as financial information, intellectual property, employee details, and information entrusted by third parties.

Achieving ISO 27001 certification demonstrates TurnKey Lender’s systematic approach to managing sensitive company and customer information, ensuring it remains secure. It covers aspects from physical security and data encryption to access controls and policy implementation, signifying a gold standard in information security.

Considering the importance of these guidelines for the company's activity, TurnKey Lender employs an ISO 27001-certified auditor with a Ph.D. in Cyber Security, ensuring our continuous alignment with the standard.

PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) was introduced in 2004 by the major credit card companies behind the PCI Security Standards Council as a unified approach to safeguarding cardholder data for all types of transactions. In particular, it provides guidelines on safe and proven ways to build and maintain a secure network and systems, protect cardholder data, maintain a vulnerability management program, implement strong access-control measures, regularly monitor and test networks, and maintain an information security policy.

Compliance with PCI DSS is crucial for any entity that handles credit card transactions, ensuring that customer payment information is kept secure from fraud and breaches. TurnKey Lender's adherence to this standard underscores our dedication to protecting sensitive financial information, and we run annual scans to verify ongoing compliance.

SOC 1 & SOC 2 Compliance

System and Organization Controls (also known as Service Organization Controls), defined by the American Institute of Certified Public Accountants, are frameworks that help ensure service providers manage data securely to protect the interests of the organization and the privacy of its clients. SOC 1 focuses on internal control over financial reporting, while SOC 2 addresses the management of customer data based on five "trust service principles": security, availability, processing integrity, confidentiality, and privacy. Originating in the USA, they are recognized globally.

Compliance with SOC 1 and SOC 2 standards signifies that TurnKey Lender adheres to rigorous audit processes for internal controls relevant to financial reporting and the management of customer data, ensuring the highest levels of security and privacy. Supporting our commitment to operational excellence and reliability, it provides our clients and partners with assurance that we manage data with integrity and in line with industry best practices.

NIST Compliance

The National Institute of Standards and Technology, part of the U.S. Department of Commerce, issues guidelines for various aspects of information technology, including cybersecurity. One of its key documents, the NIST Cybersecurity Framework, was first published in 2014 and offers a policy framework of computer security guidance for mitigating organizational cybersecurity risks.

Although primarily aimed at organizations in the United States, it is also used globally as a best-practice framework to ensure an organizational understanding of cybersecurity risk management, provide appropriate safeguards to ensure the delivery of critical infrastructure services, develop and implement activities to identify the occurrence of a cybersecurity event, take action regarding a detected cybersecurity incident, and maintain plans for resilience and for restoring any capabilities or services impaired by an incident.

By aligning the software architecture with NIST guidelines, TurnKey Lender proactively mitigates cyber risks and enhances the cybersecurity posture in line with globally recognized practices.

OWASP Compliance

The Open Web Application Security Project (OWASP) is an international non-profit organization dedicated to web application security. Two of its best-known contributions are the OWASP Top 10, a regularly updated report outlining the most critical web application security risks, and the OWASP Application Security Verification Standard (ASVS), which provides a basis for testing web application technical security controls and gives developers a list of requirements for secure development. The standard covers both the application's own technical security controls and any technical security controls in the environment that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection.

By adhering to the standard in every aspect of identification, authentication, authorization, integrity, non-repudiation, confidentiality, and privacy, TurnKey Lender secures its products against the most prevalent threats, reaffirming its commitment to safeguarding client data.

Global Data Protection Compliance

TurnKey Lender ensures compliance with the General Data Protection Regulation (GDPR) in the European Union and aligns with various international data protection laws that embody principles similar to the GDPR. These include the UK's Data Protection Act (DPA), the California Consumer Privacy Act (CCPA) in the United States, Singapore's Personal Data Protection Act (PDPA), Australia's Privacy Act 1988, which encompasses the Australian Privacy Principles (APPs), and New Zealand's Privacy Act 2020. TurnKey Lender procedures and flows ensure the protection of essential user rights mandated by these regulations, such as opt-in consent, the right to data portability, and the right to be forgotten, safeguarding personal information across all jurisdictions in which we operate.

General Security Measures

TurnKey Lender implements multiple measures that are integral to our operational framework, ensuring that every interaction and transaction is secured to the highest standards. These are some of the key security practices used:

  • API Clients: For integrations with third-party products and services, TurnKey Lender generates a unique secret key for each connection. This ensures granular control over data access and enables quick disconnection from risky integrations.

  • Secure Transmission: Sensitive information is transmitted exclusively via HTTPS protocol, adhering to the best practices for secure web communications.

  • Server-Side Processing: All sensitive information is processed on the server side, minimizing the risk of unauthorized access during data transit.

  • Anti-DDoS Measures: The system is equipped with anti-DDoS throttling protection to mitigate the risk of denial-of-service attacks.

  • Enhanced Password Security: Passwords are never stored in clear text; they are stored in the database as salted hashes, a cryptographic measure that significantly enhances security.

  • Security Features Configuration: TurnKey Lender provides customizable password strength and two-factor authentication settings to meet the specific security requirements of each client. This flexibility extends to password management policies and CAPTCHA settings, which are fully customizable to suit your operation's needs.

  • User Permissions Management: Tailored user permissions ensure individuals access only the necessary data and systems for their roles, enhancing operational security across the organization.

  • Web Application Protection: The web application is fortified against XSS, script injection, SQL injection, and other common cyberattack types, ensuring a robust defense against digital threats.

  • Temporary User Lockout: To protect against unauthorized access attempts, the system supports temporary user lockout after multiple consecutive failed authentication attempts.

  • Fraud Prevention: A comprehensive set of fraud-prevention rules is integrated into the system, offering advanced protection against fraudulent activities.

  • Sanction Screening: Use of OpenSanctions lists (including OFAC) helps prevent business interactions with sanctioned or blacklisted individuals and entities worldwide.
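The two list items on password storage and temporary lockout describe mechanisms that are easy to get subtly wrong, so here is an added example, written for this page and not TurnKey Lender's own code, of how they fit together. It uses PBKDF2-HMAC-SHA256 from the Python standard library as the salted one-way hash (a hash, not reversible encryption) with a fresh random salt per password, verifies in constant time, and locks an account for a configurable window after a configurable number of consecutive failures. The class and parameter names (AuthService, MAX_FAILED_ATTEMPTS, LOCKOUT_SECONDS, the iteration count) are hypothetical choices, not settings the page states.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Hypothetical policy values chosen for this example, not the product's real settings.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    A new random salt is drawn for every call, so two users with the same
    password get different records and precomputed tables are useless.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(digest.hex(), hash_hex)


@dataclass
class Account:
    password_record: str
    failed_attempts: int = 0
    locked_until: float = 0.0   # epoch seconds; 0 means not locked


class AuthService:
    """In-memory account store with salted hashing and temporary lockout."""

    def __init__(self, clock: Callable[[], float] = time.time,
                 max_failed: int = MAX_FAILED_ATTEMPTS,
                 lockout_seconds: int = LOCKOUT_SECONDS,
                 iterations: int = PBKDF2_ITERATIONS) -> None:
        self._accounts: Dict[str, Account] = {}
        self._clock = clock          # injectable so lockout expiry is testable
        self._max_failed = max_failed
        self._lockout_seconds = lockout_seconds
        self._iterations = iterations
        # Hashing a throwaway secret for unknown usernames keeps the response
        # time similar to a real user, so timing does not reveal valid accounts.
        self._dummy_record = hash_password(os.urandom(16).hex(), iterations=iterations)

    def register(self, username: str, password: str) -> None:
        self._accounts[username] = Account(hash_password(password, iterations=self._iterations))

    def is_locked(self, username: str) -> bool:
        acct = self._accounts.get(username)
        return acct is not None and self._clock() < acct.locked_until

    def authenticate(self, username: str, password: str) -> str:
        """Return 'ok', 'locked' or 'invalid'."""
        acct = self._accounts.get(username)
        if acct is None:
            verify_password(password, self._dummy_record)
            return "invalid"
        now = self._clock()
        if now < acct.locked_until:
            return "locked"          # the password is not even evaluated while locked
        if verify_password(password, acct.password_record):
            acct.failed_attempts = 0 # a success clears the consecutive-failure count
            acct.locked_until = 0.0
            return "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= self._max_failed:
            acct.locked_until = now + self._lockout_seconds
            acct.failed_attempts = 0 # the window restarts once the lockout expires
        return "invalid"


if __name__ == "__main__":
    svc = AuthService()
    svc.register("demo", "constructed-sample-password")
    print(svc.authenticate("demo", "wrong guess"))
    print(svc.authenticate("demo", "constructed-sample-password"))
```

The lockout state lives with the account rather than with the client IP, so it holds regardless of where the attempts come from, and the lockout check runs before the hash so locked attempts cost no work. Whether the login screen should show "locked" and "invalid" differently is a product decision; a separate status is kept here so the server can log and alert on lockouts as a detection signal.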