Security testing

The security of the Funding Circle web application has been subject to an independent and professional review. The security review methodology used is based on best practice as described by the OWASP organisation. OWASP provides web application security guidance and is widely recognised within commercial and government sectors. The security review tests comply with the ISO 27001 standard, particularly the sections relating to electronic commerce services, which embraces the sub-sections; electronic commerce, on-line transactions and publicly available information. The security review was conducted by First Base Technologies LLP. First Base Technologies has provided pragmatic, business-focused, vendor-neutral information security and testing services since 1989. First Base Technologies' clients range from regional to global firms operating in finance, insurance, retail and law, as well as public sector and government organisations.


Encryption

From the moment any personal or account information leaves your computer to the time it enters Funding Circle’s system all online access is encrypted. Funding Circle employs some of the strongest forms of encryption commercially available for use on the Web today. During any transaction, our 128-bit encryption turns your information into a coded sequence with billions of possible variations, making it nearly impossible for unwanted intruders to decipher. Additionally, private information collected to verify your identity is stored in an encrypted fashion in our database. Funding Circle’s servers possess the proper formulas to turn this code back into meaningful information and complete your transaction. Look for a “closed lock” icon in your browser to confirm if encryption is being used on any Web page you are viewing. Any Web address beginning with “https://...” indicates the page you are viewing uses encryption. The “s” stands for “secured.”


Secure account set-up and login

When you log on to create a Funding Circle account, we ask you to create a username, password, and provide answers to three security questions. This information is encrypted during transmission and will remain a secret as long as you do not disclose it. To securely log on to your Funding Circle account, you are asked to provide your username and password. You must then enter the answer to one of the security questions. Your account will be locked for a period of time if you enter incorrect details to mitigate 'brute force' hacking. If you suspect that someone has had access to your password or answer to security questions, please contact us immediately here.


Timed log-off

Funding Circle’s system will automatically log you off after 15 minutes of inactivity. This reduces the risk of others accessing your information from your unattended computer.


Firewall

Funding Circle’s computer systems are protected 24 hours a day by state-of-the-art firewall technology that blocks unauthorized entry. In order to gain access to authorized information, the Web browser you are using must know the proper protocol, or language, and even then only select information is available.


PCI Compliance

Funding Circle adheres to the standards on protection of account, personal and card-holder data set out by the Payments Security Standards Council (PCI DSS). The PCI DSS includes large financial companies such as American Express, MasterCard Worldwide and Visa Inc. International, and was set up to help facilitate the broad adoption of consistent data security measures on a global basis, in particular for the holding of card-holder data. Please click here for more information.


24-7 security

The servers hosting the Funding Circle website are monitored  24-7 by security teams and CCTV cameras. In addition the movements of any individuals at the data centre are monitored by proximity card readers, with infra-red intruder sensors and door contacts throughout to detect intruders. This ensures your data is safe and secure.