At PowerCred, we take user privacy and data protection very seriously. We are committed to protecting user privacy and accessing consented data responsibly for specified usage only. While it is common for us to be told to not share data with third-party apps, data-sharing post the introduction of open finance has called for a change in this attitude. Data-sharing can now be done in a highly secure and transparent manner using APIs where the user has full control over the data they share, maintaining the ownership of the data with the user.
“APIs are currently the best practice for data exchange. They are far superior to the previous means of data exchange, screen-scraping- a method of capturing data by storing user credentials”, as noted by The Coalition of a Digital Economy (Coadec).
PowerCred’s unified API suite and platform are built in a way to maintain high standards of data security while adhering to industry-recognised standards such as ISO 27001. To give you more transparency about the measures we take to ensure data security at PowerCred, here are some of our practices that have made us a trustworthy partner to our customers…
Data Security at PowerCred
Data access controls: PowerCred exercises complete control over who has access to our data. We’ve placed access controls on every single data point, ensuring restricted access to data requiring authentication.
Continuous training: Our team undergoes continuous, periodic training to keep up with the latest trends and practices in data security and to maintain the data security of our offering at par with industry standards and in compliance with regulatory requirements. We also train our team to securely use and manage their devices to maintain data security at the device level.
Vulnerability testing: We perform vulnerability testing to evaluate the security of our system and to detect any malicious practices within our systems as a preventive measure.
Penetration testing: We perform penetration testing to periodically evaluate our system’s security with simulated attacks to identify vulnerabilities if any.
No direct access to our APIs: PowerCred’s APIs sit behind a proxy which means our APIs are not directly accessible by the internet, restricting access for better security.
Data confidentiality: We value user privacy and take systematic measures at all stages to adhere to high standards of data confidentiality. We provide full disclosure to small businesses on the data that we would be fetching and ask for their prior consent to use the same
Compliance: PowerCred complies with regional regulations and is certified by ISO 27001 and Kominfo. We are also registered with AFTECH and are in process of getting our certifications from OJK.
We appreciate responsible disclosure and would like to know if you may have noticed any vulnerabilities in our APIs or platform. You can write to us about them at shrinivas@powercred.io
If you have any questions or would like to know more about any of our security practices, please feel free to get in touch with us.
