FAQ > Security

Overview

  • Please outline what security measures you take to protect End User data ?

    We have implemented the industry standard oAuth 2.0 authentication and authorisation model. When using TrueLayer, an application will never need to access or store credentials or security details, but instead simply redirect the end-user to our secure and customisable “Authorisation Dialog” and receive Tokenised Access to the customer’s data. Our authentication model includes fine-grained permissions and explicit consent. The end-user will:

    1. Be redirected from the Application to TrueLayer;
    2. Select their bank among the different banks and providers that we support;
    3. Securely share login credentials, without disclosing them with the recipient application;
    4. Grant fine-grained permissions to the application;
    5. Provide explicit user consent through a streamlined user experience.
    TrueLayer offers a unique security model that significantly reduces the attack surface to safeguard the privacy of shared credentials. In our model, end-users’ credentials are:
    1. Never accessible by the Application (TPP);
    2. Never accessible by TrueLayer;
    3. Always encrypted while in flight and at rest.
    In our security scheme, user credentials and login details are encrypted with a uniquely generated key, enciphered with AES-256 and the encryption key is embedded in the Access token that is sent to the application and never stored by TrueLayer.

  • Do you have a Security Policy ?

    Yes we do. At TrueLayer, security is of paramount importance to us. We have implemented a robust security programme at TrueLayer to ensure that any data or payment information we receive and transmit, are done within our stringent controls. Further, as part of our obligations for our license, we are required to adhere to regulatory standards, of which security is one.

Contact us
Live Support

Can't find what you are looking for?
Click here to open a live-support chat.

Contact us
Technical Support

Need highly qualified help to solve
a complex problem ? Open a ticket.