Safe as houses.
“How do they do it?” you ask. “What is their secret sauce?” we hear you say. Read on.
Our secure data partnership with a global leader.
At Tic:Toc we like our tech. One of the key pieces of technology our secure bot uses in your online application is a data aggregation service called Envestnet Yodlee (Yodlee). We choose Yodlee because they're the best in the industry.
Yodlee is a US-based company founded in 1999 that provides digital financial solutions for over 20 million paid users and over 850 financial institutions and financial technology innovators; including Xero, Billguard, ANZ Money Manager and Personal Capital. 12 of the 20 largest US banks trust Yodlee for their services.
You can find Yodlee's general security statement here. Key US banking regulators perform examinations into Yodlee's practices, including the Office of the Comptroller of the Currency and Federal Financial Institutions Council.
Your banking login details are used by Yodlee (in Australia) for one sole purpose: to fetch read-only copies of your transaction history, direct from your banking site. As soon as your details have been entered and validated in the approval stage of your home loan application, they are encrypted, separated and securely stored. This happens in a matter of minutes and means they cannot be accessed by anyone (including Tic:Toc and Yodlee employees). After a period of time (50 days) they are completely obliterated, and never to be seen again.
When you input your credentials, Yodlee never actually see them. As soon as you hit send, your details get encrypted and separated from that point.
Yodlee stores you as a user with a Yodlee ID. You have a password and a credential that is hashed, exists somewhere else and is matched to your user ID; and then your transaction and financial data sit somewhere else, encrypted.
It is not possible for Tic:Toc to transfer, move or do anything else with your bank accounts aside from receive a copy of your transactions for you. We only see the information we need to approve your loan application – the same information you would supply us if you were submitting the documents manually. It’s just much faster this way. Like, Usain Bolt fast.
We've chosen Yodlee because we trust their live transaction data aggregation is the safest and most reliable method of providing automated transaction imports to Tic:Toc.
Our bank level security and encryption.
In a security nutshell, our encryption of information between you and Tic:Toc is provided by industry standard TLS 1.2 and AES256 encryption technology. This is the current security standard used by most banks in Australia.
We also have a large amount of network segmentation in our hosting environment. This means we split our networks into subnetworks and network segments, so that our network structure isn’t visible from the outside. Almost like concealing your pack of Maltesers by hiding each delicious chocolate sphere in a separate spot in your bedroom.
We also have an Intrusion Detection System (IDS) to monitor our perimeter network for suspicious activity or policy violations, and an Intrusion Prevention System (IPS) to respond to detected intrusions, prevent the attack and minimise the impact. Pretty clever little acronyms, aren’t they?
You and you alone. You have a unique username and secure password (governed by a policy) that is only known to you (please don’t post it on Twitter).
Lots, and all the time. We do penetration testing annually, performed by an independent, accredited Qualified Security Assessor. Just to keep us on our toes. We also have procedures and policies based on Information Technology Infrastructure Library (ITIL) as well as many compliance obligations, which are continually tested and updated, to deliver quality and consistency to our IT security.
One of the best things about being 100% online, is that we don’t have your bank statements and direct debit request forms floating around an office. Where assistants named Beryl sometimes leave papers at the edge of her desk, which get brushed onto the floor when Broker Darren (who having had a particularly large lunch) squeezes past in haste to get his footy tips in by 4pm. Papers get muddled, Beryl gets yelled at, and so on and so forth.
But apart from having our documents stored securely in our data centres, we have other office security measures too. Such as:
- Secure hosting (Tier 3 Data Centre with ISO 27K1 and 9001 Accredited (Highlights)). If that made any sense to you at all, we applaud you: feel free to peruse work with Tic:Toc;
- Giant locks. Actually, they’re pretty standard sized, but we do need an access pass to get through the front door and up the elevator;
- Ear splitting alarms; and
- Access Control, so only the important people have access to the important places.
I have some more questions.