Trust and Security

Trust

We believe when it comes to your money and customer data information, nothing less than perfect is acceptable. It is our mission to set fin-tech industry standards in fraud detection and account security. We’re on guard 24/7 to keep our user’s data and money safe.

Here’s how we do it.

World Class Compliance

CheckFlo is fully PCI DSS 3.2 compliant, which is the key security standard within the payments industry. Our PCI ASV is Qualys. (PCI – Payment Card Industry, DSS -Data Security Standard)

Security

All Checkflo traffic goes over TLS 1.2 (Transport Layer Security). We perform regular vulnerability scanning and penetration testing following OWASP best practices.

Encryption

All sensitive data is encrypted using AES-256 (Advanced Encryption Standard) with regular encryption key rotation. It is one of the most secure encryption methods, and is used in most modern encryption algorithms, protocols and technologies including AES and SSL.

Data Management

Checkflo customer data is located on the AWS cloud servers, which is a fully redundant, load balanced configuration across three geographic locations.