Security testing

The security of the Funding Circle website is subjected to an independent and professional security review several times a year. The security review methodology used is based on best practice as described by the OWASP organisation. OWASP provides web application security guidance and is widely recognised within commercial and government sectors. All independent security professionals are certified in their areas of expertise and we only employ CREST certified companies to perform security audits on our website.


Encryption

From the moment any information you enter on our website leaves your computer to the time it enters Funding Circle’s system it is encrypted. Funding Circle employs some of the strongest forms of encryption commercially available for use on the Web today. During any transaction, our encryption turns your information into a coded sequence with billions of possible variations, making it nearly impossible for unwanted intruders to decipher. Look for a “closed lock” icon in your browser to confirm if encryption is being used on any Web page you are viewing. Any Web address beginning with “https://...” indicates the page you are viewing uses encryption. The “s” stands for “secured.”


Secure account set-up and login

When you log on to create a Funding Circle account, we ask you to create a username, password, and provide answers to three security questions. To securely log on to your Funding Circle account, you are asked to provide your username and password. Passwords are stored in an encrypted form in our systems. You must then enter the answer to one of the security questions. If you suspect that someone has had access to your password or answer to security questions, please contact us immediately here.


Timed log-off

Funding Circle’s system will automatically log you off after a certain period of inactivity. This reduces the risk of others accessing your information from your unattended computer.