Cybersecurity is one of the cornerstones of the success TurnKey Lender has had with businesses worldwide. Through our clients, our solutions operate enormous sums of money in 50+ countries and we realize how much this trust means and how important it is for us to keep our products as secure as possible. This is why since day one we've been putting a lot of effort and R&D resources into ensuring our products are well-protected from hackers, scammers as well as phishing and fraud attempts.
Here are some of the TurnKey Lender's security measures and accolades (that we're allowed to disclose) which will put your mind at ease:
General security measures
API Clients - when integrating with third-party products and services, TurnKey Lender generates unique secret keys for each case. This helps make sure that you're always in control of who gets access to what data and can cut the cord on a risky integration in a matter of seconds.
ISO 27001 - TurnKey Lender is an ISO 27001:2013 certified company (see attachment). This certificate confirms that all the development, testing and customer data processing processes comply with the policies and procedures of ISO 27001:2013.
- TurnKey Lender employs a certified ISO 27001 auditor (Ph.D. in Cyber Security). He constantly supervises our operation and guarantees that our new features and releases are fully compliant with ISO 27001.
- PCI DSS compliant - TurnKey Lender has received a PCI certification. It signifies that the company maintains rigorous data security standards to ensure that its customer's credit card information remains safe and secure. The recurring scans take place every year.
NIST - Our software architecture is built in compliance with the NIST (National Institute of Standards and Technology) guidelines (Guide to Secure Web Services)
OWASP - TurnKey Lender products comply with OWASP Application Security Verification Standards. The software meets the requirements for identification, authentication, authorization, integrity, non-repudiation, confidentiality, and privacy.
OpenSanctions (OFAC) - TurnKey Lender uses the OpenSanctions (OFAC) lists to help lenders avoid doing business with sanctioned and blacklisted people and companies around the globe.
IMDA Singapore- TurnKey Lender is among the few companies accredited by IMDA (the Infocomm Media Development Authority of Singapore - a statutory board in the Singapore government). The Accreditation@SGD program aims to accelerate the growth of innovative Singapore-based Infocomm media companies by helping them establish credentials, build a track record, and scale globally.
User permissions' - user permissions' management in TurnKey Lender allows you to grant users access rights only to the workplaces and data they need in their day-to-day work. This helps minimize risks of compromising operation's security no matter how many employees you may have.
GDPR-compliance - Default Privacy Notice comes built-in with the System and is drafted exclusively for TurnKey Lender Clients. All end-user rights are implemented to adhere to the GDPR rules (e.g. opt-in consent system and the right to be forgotten).
Adjustable password strength - you can set your own requirements for required password strength. It is set via the configuration file and is not available from back-office. Please, get in touch with your TurnKey Lender manager to change these settings.
Two-factor authentication - two-factor authentication is enabled and set up via the configuration file and is not available from back-office. Please, get in touch with your TurnKey Lender manager to change these settings.
Technical security measures
The web application is protected against XSS, scripts, SQL injections, and other common cyberattack types.
Sensitive information is only sent to the servers via the HTTPS protocol as per the best practices accepted on the web.
Sensitive information is processed on the server-side only.
All passwords are encrypted and then stored in the database as Salted Hash (cryptographic security measure).
Two-factor authentication support comes built-in in the System and is encouraged.
Password management policies can be flexibly adjusted to your operation's needs and are fully customizable.
The System supports temporary user lockout. It takes place after multiple consequent failed authentication attempts.
The System is enhanced with anti-DDoS throttling protection.
- The System comes with a wide array of fraud-prevention rules built-in.
The certificate (attached below) is to confirm that all processes of development, testing, and customer data processing comply with the policies and procedures of ISO 27001:2013.
Furthermore, we employ a certified ISO 27001 auditor, who has a Ph.D. in Cyber Security. He constantly supervises our operation and guarantees that our new features and releases are fully compliant with ISO 27001.