At GRID Finance we take the security of your money and data very seriously. Outlined below are the key elements of our security policy and how we ensure that our customer experience is safe and secure.
Cash and cards
Customer funds are never held or maintained virtually within the platform so are never at risk of cyber-attack/cybercrime. Customer funds are safely held within a central bank of Ireland regulated bank account and can never be accessed through the GRID Finance community lending platform.
When paying for the borrower application fee you are requested to enter your payment card details. These card details are never held within GRID Finance community lending platform or servers. They are held with our third party card handling partner Wirecard. Wirecard are a competitor to Paypal and are compliant with the global PCI standards for secure handling of payment card information. Further information on Wirecard security credentials can be found at: http://www.wirecard.at/en/service/security/
Information and Access
GRID Finance are committed to ensuring that your data is secure at all times by adhering to the data protection laws (1998, 2003) and the European Union e-Privacy directive which became law in Ireland in 2011. GRID Finance have voluntarily registered with the data protection commissioner of Ireland. We are subject to audit by the data commissioner at any time.
Your information is encrypted right from registration. We use 128 bit encryption to ensure that your information is always safe. You can see the ‘https’ and lock icon in the address bar which tells you that you are securely using our site.
Account set-up and multi-factor authentication
GRID Finance require you to provide a user-name, password and to answer a number of security questions as part of the membership joining process. This ‘two factor’ login reduces the risk of your account being comprised at login. If you enter your login details incorrectly you will be locked out of your account. In addition, if your account is idle for longer than 15 minutes you will automatically be logged in. We will never contact you by email requesting your logon or security question details. If you are requested by an unknown third party for your login details please contact our customer care department immediately.
Infrastructure and hardware security
The security of the GRID Finance community lending platform has been independently tested by KPMG in line with OWASP methodology. The KPMG testing adheres to ISO 27001-2013 standard as released October 1st 2013. It confirmed that the GRID Finance Information Security Management System (ISMS) is robust and fit for purpose.
GRID Finance’s computer systems are physically and virtually protected around the clock. A cutting edge firewall exists between our information system and external threats.
Server security and location
The servers holding the GRID Finance platform and customer data are held in data centers managed by a world renowned web server provider. These servers are protected by 24 hour security, CCTV cameras and a number of other physical controls. They are also backed up to a secondary, fully secured location. Our server provider has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry Data Security Standard. They undergo annual SOC 1 audits.