Skip To Content
Back to blog home

First thing’s first…

Nope, we can’t do anything with your money…
All data is read-only so we can report on your accounts and transactions but that’s it.

No longer need a product/ service? We’ll delete your data?
As long as the Fintech app (or the company’s app you are using) lets us know they don’t need your data anymore we’ll delete it. We’ve never sold any data shared by customers and never will.

Where’s my data stored?
All data is stored in AWS data centres in Sydney and Melbourne using AES-256 envelope encryption which means that each connection is encrypted with its own key.

Yes, we’re just as safe as your bank?
Our infrastructure is hosted and managed in an ISO 27001, SOC 1 & SOC 2, PCI Level 1, FISMA Moderate and SOX certified data centre… In layman’s terms, your data is stored in the same way as data in the most highly regulated organisations around the world.

How is the data shared?

Basiq supports two data access mechanisms, once you as a consumer have consented to the sharing of data. One is via a web connection, the other is via Open Banking.

What is a Web Connection?
Web connection uses the same method and services that you use to login to your internet banking portal. To connect your bank is simple and secure, you simply select your bank from the list of available institutions and then login to establish a connection between your bank and the financial service.  As mentioned in a previous section, Basiq never sees that information, but providing it is critical to allow the application you are using to read your data.

What is Open Banking?
Open Banking is a new Government initiative that enables accredited financial service providers to securely access your data. Open Banking provides the greatest level of control and permissioning for your data providing you greater visibility and control. When using Open Banking to share your data there are few more steps involved. You will be required to consent to the sharing your data, and then select your institution.

Unlike the web connection method, once an institution has been selected you will be redirected to your bank to complete the connection setup. All parties involved in this process are accredited by the Australian Government and vetted to ensure that they have the appropriate security and compliance controls in place. 

Want to learn more? Check out our Definitive Guide to Open Banking in Australia.

To sum up: both methods of data sharing are incredibly secure, highly governed and regulated, and something Basiq approaches with the utmost security and consumer privacy in mind.

The Technical Details

How do we make sure your data is safe?
We are ISO 27001 certified, use the same data centres trusted by the most highly-regulated organisations in the world and are regularly audited and assessed by third parties.

Secure environmentOur physical infrastructure is hosted and managed in ISO 27001, SOC 1 & SOC 2, PCI Level 1, FISMA Moderate and SOX certified data centres based in Sydney and Melbourne.
Restricted Network AccessWe use firewalls to restrict access to systems from external networks and between systems internally.
Real-time MonitoringWe conduct behavioural monitoring, vulnerability assessment, SIEM and intrusion detection to detect threats.
Data EncryptionWe store data at rest using 256-bit AES encryption and use an SSL/TLS secure tunnel to transfer data between your app and our API.
Secure DevelopmentOur development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
Multi-factor AuthenticationTwo-factor authentication and strong password controls are required for administrative access to systems.

More questions? Feel free to head over to basiq.io and chat to one of our friendly support teams at support@basiq.io

Article Sources

Basiq mandates its writers to leverage primary sources such as internal data, industry research, white papers, and government data for their content. They also consult with industry professionals for added insights. Rigorous research, review, and fact-checking processes are employed to uphold accuracy and ethical standards, while valuing reader engagement and adopting inclusive language. Continuous updates are made to reflect current financial technology trends. You can delve into the principles we adhere to for ensuring reliable, actionable content in our editorial policy.