How TrueLayer handles security details:
- An end-user shares their login credentials with TrueLayer through a secure TLS channel.
- TrueLayer generates a unique key (different for each set of credentials).
- The credentials are enciphered using AES-256.
- The unique key is embedded in the JWT token that is returned to the application and never stored by TrueLayer.
- The application submits the Access Token as part of a data request to TrueLayer.
This means that even if our Credentials Store is breached, the privacy of credentials will not be compromised.
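The flow above as an added sketch in Node.js; it is not TrueLayer's code. The GCM mode, the HS256-signed token, the `cek` claim name, the in-memory `credentialStore` and all function names are assumptions made for illustration, since the page states only AES-256 and a JWT.

```javascript
const crypto = require("node:crypto");

const SIGNING_SECRET = crypto.randomBytes(32); // server-side token signing key (constructed)
const credentialStore = new Map();             // what a store breach would expose

const b64u = (v) => Buffer.from(v).toString("base64url");
const sign = (data) =>
  crypto.createHmac("sha256", SIGNING_SECRET).update(data).digest("base64url");

// Bullets 2-4: fresh 256-bit key per credential set, ciphertext goes to the
// store, the key goes only into the token returned to the application.
function enrol(credentials) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(credentials), "utf8"), cipher.final()]);
  const id = crypto.randomUUID();
  credentialStore.set(id, { iv, ct, tag: cipher.getAuthTag() }); // the key is not stored
  const body = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" })) + "." +
               b64u(JSON.stringify({ sub: id, cek: key.toString("base64url") }));
  return body + "." + sign(body);
}

function decryptRecord(rec, key) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, rec.iv);
  d.setAuthTag(rec.tag);
  return JSON.parse(Buffer.concat([d.update(rec.ct), d.final()]).toString("utf8"));
}

// Bullet 5, server side: verify the token, take the key from it, decrypt.
function recover(token) {
  const [h, p, sig] = token.split(".");
  const expected = Buffer.from(sign(h + "." + p));
  const given = Buffer.from(sig || "");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad token signature");
  const { sub, cek } = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  return decryptRecord(credentialStore.get(sub), Buffer.from(cek, "base64url"));
}

// Store-only breach: every record is available, but no token and so no key.
function breachCanRead(id) {
  try { decryptRecord(credentialStore.get(id), crypto.randomBytes(32)); return true; }
  catch { return false; } // the GCM tag check rejects any key but the right one
}
```

In this sketch the token payload is signed but only base64url-encoded, so whoever holds the token holds the key; the application has to protect it accordingly.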
TrueLayer leads the way in Enterprise security
We adhere to and comply with privacy, security and regulatory requirements. We are registered with the ICO and the FCA, and are certified as ISO27001 compliant.