Security of your data is our major concern and we appreciate your trust in our service.
We rely on our previous experience in building large systems with demanding security requirements.
The Bank Control™ service is protected in a number of ways:
The Bank Control service and web site are deployed on Amazon Elastic Compute
Cloud with high level of physical security. Many companies trust
Amazon EC2 with their information.
Our service platform has been hardened and protected with firewall. It does not
expose any network interfaces which can be used for an intrusion from outside
and does not provide access to its database from outside.
You will be notified via email when an unauthorised attempt to highjack your
profile has been detected. We also lock your profile temporarily when such
an attempt has been detected to prevent simple password generation attacks.
Only our authorised personal have access to the Bank Control server.
We don't share personal information with any third parties, although we may
share depersonalised statistical data.
The technical log files and audit records do not contain passwords and are
kept for short time only.
We backup our service database every night and extra redundancy will be introduced
after completion of the pre-release phase.
Information We Keep
We are very open about the information we keep about you. We want you
to be able to make an informative decision whether to use our service or not.
We keep minimum information about you and your activities:
Information you provide during profile registration, such as names and email address.
We know what providers you use, although we don't know what accounts you hold.
We know what types of devices you use. This information is recorded when
you register a device.
We keep audit information for a few months. You can see this information by
going to the My Profile/Audit Viewer section on the Bank Control web site.
We keep a technical log for a number of days, but this log does not contain
authentication details and can be seen by our authorised personal from the UK
Information We Don't Keep or Can't Use
The following information is either unusable or we don't keep it:
Your service and transaction passwords which are one way encrypted and therefore
can't be reinstated.
Login details you specify for access to provider's
Internet banking. This information is encrypted and only part of the
resulting data is kept in the service database. Your login details can't
be reinstated from this data.
We don't keep information about your accounts or what types of accounts you have.
We use one way hash matching algorithms to match accounts when needed but
we don't keep your account numbers or types.