Security

Platform Security

Architecture

Our architecture is multi-tenant by design and data filters are applied ensuring that access to data is restricted based one's job role and associated access privileges.

Encryption

Data in transit is encrypted using SSL certificates (TLS 1.2) meaning that unauthorized individuals cannot decipher your confidential financial information.

Hosting Provider

TransferMate use AWS for data hosting services. AWS are ISO27001 and maintain SOC 1 and SOC 2 reports.

Compliance Controls

Our approach streamlines international payments within a regulated proprietary network, with best-in-class compliance controls embedded within the payment process.

Data Security

Data Deletion

We only retain data for as long as is required under regulatory and legislative requirements. Data retention timelines are defined, and procedures are in place to comply with erasure requests from our clients.

Security of Data Processing Activities

TransferMate is headquartered and registered in Ireland and subject to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Technical and organizational controls are implemented and maintained as per industry best practice; these controls are externally audited on a bi-annual basis by our ISO27001 auditor.

Awareness Training

TransferMate takes the privacy of our clients seriously and complies with all local data protection laws in the jurisdictions where we operate in. Staff undergo mandatory annual training and testing.

Funds Security

Financial Crime Prevention

We have multiple, robust anti-payment fraud protections in place, using AI and automated reporting and flagging processes from automated reporting procedures to human operators.

We combine an AI-driven anti-money laundering solution capable of operating 24/7 and in near real-time to handle rapidly growing transaction volumes, with human operators who deliver an exceptional customer experience.

Sanction Screening

We implement advanced sanction screening protocols for all international payments, examining transactions to identify any involvement with individuals, organizations, or countries subject to economic sanctions. We go a layer above by sanctioning screen any 3^rd parties, 3^rd party banks and 3^rd party countries, as well as the counter-party BIC.

Real-Time Risk Assessment

All transactions that go through the TransferMate payment network is subject to real-time assessment, catching potentially fraudulent payments early.

Vendor Management

TransferMate has defined rules for engagement with third parties. Requirements include contracts and due diligence to ensure that services commissioned are from reputable companies that operate in accordance with all applicable industry, regulatory and legislative requirements.

Security Testing

Patch Management

A risk-based approach is taken with all critical patches installed within 7 days or less in line with our patch management standard.

External Audits

A dedicated audit program is in place with several internal audits completed on a monthly basis and bi-annual external audits completed to ensure conformance of our Information Security Management System with ISO27001.

Penetration Testing

Testing is conducted at least annually by a third-party provider. Vulnerabilities are assigned owners and tracked to remediation in our IT governance forums.

Security Incident and Event Notification

24 x 7 system monitoring is undertaken by our Security Operations Centre provider. TransferMate has a documented and established incident management procedure with incident severity and points of escalation defined.