Data Security in Allmybanks
The security of our software is our top priority. We implement measures to constantly improve our systems and comply with evolving security standards (user authentication, data confidentiality and integrity, validation workflows, etc.).
Allmybanks’ technical teams take care of the hosting, maintenance and backup of all customer data.
This data is stored in two Equinix data centers in the Paris area that are ISO 27001 and ISO 22301 certified (the highest levels of certification for information security and business continuity management). All our equipment is doubled (servers, hard disks, etc.) to ensure constant availability and data is backed up and encrypted in real time on a backup server. With this highly secure infrastructure, we ensure that there is no loss or deletion of data in case of failure.
Moreover, our customers own the data stored in Allmybanks, they can export or migrate their data, for a change of bank for example, while keeping their history.
Anti-fraud features in the software
We have implemented advanced features in the Allmybanks software to avoid any risk of payment fraud:
- Strong two-factor authentication to connect to the application
- Autonomy and advanced parameterization of authorizations by user (access to certain functionalities, authorizations on bank accounts, ceilings for the validation of remittances, etc.)
- Implementation of an order validation workflow
- Individual digital signature for validation of payment files before sending them to the bank
- Real-time audit of bank accounts at the level of registered beneficiaries and payment files
- Complete traceability of user actions
Audited and certified software
ISO 27001 certification
Exalog is ISO 27001 certified, demonstrating our commitment to security and IT risk management. ISO 27001 is the global benchmark for information security management systems (ISMS), guaranteeing optimum protection for sensitive data. This certification underlines our compliance with the most stringent information security requirements, notably through the identification and management of risks, the implementation of robust security measures and the proactive management of security incidents. This achievement reflects our company culture of continuous improvement and the protection of our clients’ data.
ISAE 3402 Report
Allmybanks recently received its ISAE 3402 report after an extensive audit by PWC. The ISAE 3402 report is an international standard recognized by financial regulators and companies around the world as a mark of quality for internal control and risk management services. This certification is a sign of confidence for our customers and business partners, who can be assured that we implement sound and transparent practices.
As a SWIFTNet connectivity provider, Allmybanks has also been audited and certified by SWIFT annually since 2016. The SWIFT Compatible Application (formerly SWIFT Certified) label guarantees that our software meets the highest security standards for user authentication, data confidentiality and integrity, and service availability.
Data exchange and confidentiality
We ensure that the data shared in our application with banks/ERPs is not accessible by a third party and that the information is properly transmitted. When you use the Allmybanks software on your web browser, data exchanges between your computer and our server are protected according to the security recommendations of the ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information).
Our Allmybanks server has an SSL/TLS certificate issued by the internationally recognized certification authority Thawte. This certificate automatically verifies the identity of the server each time you connect to our application. This ensures that you are browsing the Allmybanks site and not a pirate site imitating our interface.
Finally, in compliance with the General Data Protection Regulation (GDPR), all your personal data hosted in Allmybanks is encrypted: names, emails, phone numbers, account numbers, credit card numbers, etc.