iphone

Our comprehensive and audited security programme includes market-leading security solutions to ensure our platform and infrastructure are secure. We put measures in place to effectively detect security breaches which are reflected in our policies and our employee awareness programmes. All our security detection and assessment activities are monitored and continuously enhanced to establish and protect the integrity of our security systems.

Protecting your account

Currency.com uses encryption and Two-Factor Authentication (2FA) to secure your account. We never store passwords in plain text, instead we employ salted secure hash algorithms to better protect your passwords and your accounts.

Securing your funds

Our clients’ funds are segregated from our own funds, which means that your money is completely ring-fenced and protected.

Securing our network

We use a combination of load balancers, firewalls, and VPNs to monitor and filter incoming and outgoing network traffic to defend against cyber attack threats. Our infrastructure is constantly monitored and we only transmit our data over encrypted transport layer security (TLS). In addition, we enable an HTTP Strict-Transport-Security response system to detect possible cyber threats and conduct email domain verification to evaluate the authenticity of all email messages.

Securing our platform

The Currency.com security team drives an Application Security Programme which is designed to improve our code security and quickly detect vulnerabilities. To further promote security through the exchange of best practices and new ideas, we launched a bug bounty programme. This has enabled us to attract new perspectives on how to challenge emerging security threats.

Protecting your information and ensuring data security

Data security is at the heart of our business. To keep our clients’ information safe and secure, we continuously strive to stay in step with global standards, regulation and best practices. Affirming our commitment to maintain information security at every level, Currency.com complies with a host of international security standards.

We value our clients’ right to privacy so we took the necessary steps to ensure that Currency.com is compliant with all applicable data protection laws, including the General Data Protection Regulation (GDPR). Below is a general overview of the steps we took to become GDPR ready:

  • Transparency.
We offer our clients Currency.com’s Privacy Policy which describes how the client data is handled.
  • Data Protection Officer.
Currency.com appointed a Data Protection Officer to oversee its compliance with the data protection rules.
  • Data transfers.
Whenever we use a third party provider, we ensure that they can handle your data securely and only on the basis of strict contractual commitments.
  • Data privacy principles.
When handling our clients’ data, we adhere to GDPR’s data protection principles, such as lawfulness, fairness and transparency, purposelimitation, data minimisation, accuracy, storage limitation, integrity and confidentiality and accountability.
  • Ongoing review.
At Currency.com we have ongoing monitoring and review of our privacy practices and documentation to meet the data protection obligations applicable to our activities.

We have obtained ISO 27001 certifications for our information security management and privacy risk management. An ISO international standard—the ‘gold standard’ for information security— ensures that products are safe, reliable and of good quality.

In addition, our efforts to maintain a secure environment to accept, process, store and transmit credit card information has earned us a Payment Card Industry Data Security Standard (PCI DSS) certification.

If you encounter a perceived security issue in any of our products or features, please report it via email to vulnerability@currency.com immediately. For more information about our security policy, visit www.currency.com/security-policy