The site is currently being upgraded, please come back in a few hours.

Security

Call to Action Background

Open Banking

Secure access to account information and payment processing through regulated Open Banking APIs

UK & EU Regulated
Secure Access
Real-Time Data
Open Banking Checklist

Account Information

Open Banking encompasses both Account Information, and Payments Services which are authorised in the same manner.

Proofenance understands that the idea of allowing access to personal bank accounts can be scary, especially in the modern age of identity fraud. That is why Proofenance has partnered with Nordigen GoCardless who are registered with the FCA and hold a UK Open Banking AIS TPP license. They also have an EU open banking license which enables access to European accounts.

How it works

When you authorise Proofenance to access your account information, you are redirected to your bank's secure website. This is the same website you use to log into your online banking.

You then log in using your usual bank credentials and authorise Proofenance to access your account information. This is done through your bank's secure website, not through Proofenance.

Proofenance never sees your bank credentials. They are only entered on your bank's secure website.

Once authorised, Proofenance can access your account information through secure APIs. This information is used to verify your identity and assess your risk profile.

Open Banking Gateway

Secure by design

Every layer is there to keep identity and payment data where it belongs.

Encryption & access controls

Encryption and access controls aligned to financial services expectations, with design reviews as the product evolves.

Data protection by design

We treat ID and source-of-funds material as highly sensitive, with minimisation and clear roles for who can see what, when.

Secure infrastructure

Multi-vendor hosting spreads risk across providers so we are not dependent on a single cloud, with logging and operational hardening for regulated workloads.

Dedicated hardware

Sensitive processing runs on dedicated compute, giving us full control over our environment where identity data is handled.

Strong resilience

Redundancy, failover, and recovery are built in so a single failure does not take compliance workflows offline when a sale is in progress.

Audit trail

Key compliance actions and evidence are tied to the purchase so you can show what happened in a real sale.

Ongoing security work

We monitor, review, and improve controls over time, with materials you can share with your board or bank.

UK & EU data choices

Hosting and retention choices that match your risk profile across the jurisdictions you sell in.

GDPR by design

Privacy principles are built into how we collect, store, and retain identity and payment data.

ISO 27001 aligned

Security management practices aligned to ISO 27001, with controls you can discuss with your MLRO or bank.

24/7 security operations

Monitoring and incident response run around the clock so issues are caught and handled without waiting for office hours.

Security you can read and share

If your MLRO, bank, or client asks how data is held, we want you to have a clear place to point.

Contact us