Security

We take the security of your data and money very seriously

Use Transfer Connex with confidence

We only partner with regulated entities and leading technology companies to ensure we’re ISO/IEC 27001:2013 compliant and consistently review and enhance our processes and systems to ensure that we remain secure.
Get Started

Further Information

Safeguarding our clients’ money

Keeping our clients’ money safe is really important. And it’s part of what makes us a trusted partner of choice.

Payments services for Transfer Connex Limited are provided by The Currency Cloud Limited. As a payment services provider, Currencycloud receives, collects and stores funds for our clients, as well as facilitating FX conversions and processing outbound payments. Any funds (e-money) held on behalf of our clients, for the provision of a conversion or payment service, are subject to safeguarding, making sure that our clients’ funds are always protected and can be issued back, should Currencycloud go into administration or liquidation. Unlike holding money in a standard bank account, all of our clients’ funds are protected, regardless of the value.

How Currencycloud are regulated

Payment Safeguarding is a key consumer protection measure required by the Electronic Money Regulations and the Payment Services Regulations. The Currency Cloud Ltd (Currencycloud) is an authorized Electronic Money Institution (EMI) and the firm’s reference number is 900199. The Currency Cloud Limited are regulated by the Financial Conduct Authority (FCA) under the Electronic Money Regulations 2011 and Payment Services Regulations 2017.

How Currencycloud safeguard client’s funds held in their safeguarding accounts

Currencycloud separates clients’ funds from their company funds and places them in safeguarding accounts held with reputable uk and eu banks. If the business was to become insolvent, the funds held in our safeguarding accounts would form an asset pool from which claims of the e-money holders (our clients) would be paid above those of other creditors. The bank(s) or authorized credit institutions have no rights over funds in Currencycloud’s safeguarding accounts. Currencycloud has no rights over our clients’ accounts (other than where specified in our Terms and Conditions).

Network Security

Currencycloud have dedicated systems in place to protect against Distributed Denial of Service (DDoS) attacks as well as man-in-the-middle attacks. Currencycloud use reputable registrars to protect against domain hijacking and “phishing” attacks. Currencycloud’s platform undergoes regular penetration testing and has protection in place against common vulnerabilities like code injection attacks and cross-site scripting attacks.

Encryption

All of Currencycloud’s network traffic is encrypted at a transport level and confidential information is encrypted at rest. Currencycloud use best practices in terms of encryption key storage and security.

Information security

The Currencycloud platform and operational security is certified under ISO/IEC 27001:2013, the international best practice standard for Information Security Management Controls which is independently audited. Currencycloud also comply with best practices and regulations pertaining to the management of personal data under the UK Data Protection Act (DPA), as well as the upcoming European Union General Data Protection Regulation (GDPR).

Strong access control

The Currencycloud platform provides a role based, hierarchical security model with two-step authentication and multi-factor authentication for sensitive systems. All access is logged and audited for suspicious behaviour.

See how much you can save