Security
Payment services for CurrencyWave are provided by Currencycloud, a trusted global payments platform owned by Visa. Here is some important information about their security:
Technical Security
Currencycloud takes the security of your data and money very seriously. They are ISO/IEC 27001:2013 compliant and consistently review and enhance their processes and systems to ensure that they remain secure.
Physical security
The service operates on Amazon Web Services (AWS) which is certified under a number of global compliance programmes which underlines best practices in terms of data centre security.
- ISO 27001 Information Security Management Controls
- ISO 27018 Personal Data Protection
- PCI-DSS Level 1 Payment Card Standards
- SSAE16/SOC 1, SOC2 and SOC 3
- FIPS United States Government Security Standards
For the full list of AWS compliance programs see: https://aws.amazon.com/compliance/pci-data-privacy-protection-hipaa-soc-fedramp-faqs/
More information about AWS data centre controls may be found here: https://aws.amazon.com/compliance/data-center/controls/
Network security
There are dedicated systems in place to protect against Distributed Denial of Service (DDoS) attacks as well as man-in-the-middle attacks. They use reputable registrars to protect against domain hijacking and “phishing” attacks.
The platform undergoes regular penetration testing and has protection in place against common vulnerabilities like code injection attacks and cross-site scripting attacks.
Encryption
All network traffic is encrypted at a transport level and confidential information is encrypted at rest. They use best practices in terms of encryption key storage and security.
Information security
The platform and operational security is certified under ISO/IEC 27001:2013, the international best practice standard for Information Security Management Controls which is independently audited.
They also comply with best practices and regulations pertaining to the management of personal data under the UK Data Protection Act (DPA), as well as the upcoming European Union General Data Protection Regulation (GDPR).
Strong access control
The platform provides a role based, hierarchical security model with two-step authentication and multi-factor authentication for sensitive systems. All access is logged and audited for suspicious behaviour.
Use Currencycloud with confidence
Your money and your data is as important to us as it is to you. Here are some of the things we do to make sure that you can use our services with peace of mind.
Regulated in the UK, EU and USA
For clients based in the United Kingdom and rest of the world, payment services for CurrencyWave are provided by The Currency Cloud Limited. Registered in England and Wales No. 06323311. Registered Office: Stewardship Building 1st Floor, 12 Steward Street London E1 6FQ. The Currency Cloud Limited is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 for the issuing of electronic money (FRN: 900199).
For clients based in the European Economic Area, payment services for CurrencyWave are provided by CurrencyCloud B.V.. Registered in the Netherlands No. 72186178. Registered Office: Nieuwezijds Voorburgwal 296 – 298, Mindspace Nieuwezijds Office 001 Amsterdam. CurrencyCloud B.V. is authorised by the DNB under the Wet op het financieel toezicht to carry out the business of an electronic-money institution (Relation Number: R142701).
For clients based in the United States, payment services for CurrencyWave [are provided by The Currency Cloud Inc. which operates in partnership with Community Federal Savings Bank (CFSB) to facilitate payments in all 50 states in the US. CFSB is registered with the Federal Deposit Insurance Corporation (FDIC Certificate# 57129). The Currency Cloud Inc is registered with FinCEN and authorised in 39 states to transmit money (MSB Registration Number: 31000206794359). Registered Office: 104 5th Avenue, 20th Floor, New York , NY 10011.
Trusted by more than a million people
Currencycloud process over $1bn a month on behalf of hundreds of thousands of people and companies.
Privacy
They comply with best practices and regulations pertaining to the management of personal data under the UK Data Protection Act (DPA), as well as the upcoming European Union General Data Protection Regulation (GDPR).
Secure Platform
They are ISO/IEC 27001:2013 compliant and have robust processes to protect their systems.
Financial backing
In 2021, Currencycloud was acquired by Visa Inc. By choosing Currencycloud as our e-money provider, we have peace of mind knowing that they are backed by one of the world’s largest capitalised financial institutions.
Safeguarding funds
Your money is held in separate accounts with tier one banks. In the unlikely event of Currencycloud ceasing to exist, your money remains protected.When funds are posted to your account, e-money is issued in exchange for these funds, by an Electronic Money Institution who we work with, called Currencycloud. In line with regulatory requirements, Currencycloud safeguards your funds. This means that the money behind the balance you see in your account is held at a reputable bank and, most importantly, is protected for you in the unlikely event of Currencycloud’s, or our insolvency. Currencycloud stops safeguarding your funds when the money has been paid out of your account to your beneficiary’s account.