How TrueLayer handles security details:
- An end-user shares their login credentials with TrueLayer through a secure TLS channel.
- TrueLayer generates a unique key (different for each set of credentials)
- The credentials are enciphered using AES-256
- The unique key is embedded in the JWT token that is returned back to the application and never stored by TrueLayer.
- The application submits the Access Token as part of a data request to TrueLayer.
This means that even if our Credentials Store is breached, the privacy of credentials will not be compromised.