Cyber Security
We use a range of practices and measures that are designed to safeguard your sensitive data, prevent unauthorised access, and ensure a secure online experience.
We use robust security measures to keep your transfers secure
- Encryption of your data and transfers
- Blocking bad actors and bot attacks on our website
- Secure coding practices to minimise any platform vulnerabilities
- Regular security assessments to identify and mitigate potential threats
- Security access control like CAPTCHA and multi-factor authentication
- Continuous training and awareness of new potential threats
Our cyber security protections explained
Blocking bad actors and preventing bot attacks
We employ robust controls to block bad actors and prevent bot attacks, ensuring a secure browsing experience on our website.
Our advanced security measures include intelligent bot detection systems to identify, analyse and distinguish between human visitors and malicious bots. We utilise CAPTCHA challenges and multi-factor authentication to strengthen user verification.
Additionally, we employ rate-limiting techniques (the number of times you can attempt to log in, every minute) to prevent automated attacks, implement web application firewalls (WAFs) to filter out malicious traffic, and regularly update our security systems to stay ahead of evolving threats.
Secure access control
We prioritise strong access controls to safeguard the integrity of our website and your data. Our access control measures include robust user authentication protocols, such as secure username and password combinations, and multi-factor authentication.
Additionally, we regularly review and update user access privileges to maintain the principle of least privilege. That way, mistakes can be minimised because user access is limited to only the actions and controls that you require.
Through these stringent access control mechanisms, we maintain a secure environment, mitigating the risk of unauthorised access and protecting sensitive data from potential breaches.
Secure coding practices
We adhere to controls for secure coding and development practices to ensure the resilience of our systems. Our development team follows industry best practices, including secure coding guidelines, to minimise vulnerabilities in the software.
We conduct regular code reviews, use automated testing tools for vulnerability scanning, and employ secure development frameworks. Additionally, we prioritise training and awareness programs to keep our developers and users updated on emerging threats and security practices.
By incorporating these controls, we strive to create robust and secure software, mitigating the risk of potential security breaches and protecting our users’ sensitive data.
Security assessment
We have implemented comprehensive controls for security risk assessment to proactively identify and mitigate potential threats.
Our approach involves conducting regular security risk reviews to identify vulnerabilities, assess their potential impact, and prioritise remediation efforts. We utilise industry-recognised frameworks and methodologies to evaluate risks, such as conducting threat intelligence, vulnerability scanning, and penetration testing.
By performing these assessments, we gain valuable insights into our security posture, allowing us to implement effective controls, strengthen our defences, and ensure the confidentiality, integrity, and availability of our systems and data.
What can you do to stay secure?
In today’s digital landscape, it’s crucial to be aware of potential threats and protect your personal information when using our website and application.
- Create a password for your account that is complex and difficult to guess.
- Change your account password periodically and use a password manager to generate and store unique passwords.
- If you get notified of any transaction by email or SMS, log in directly from the website you know to be legitimate. Think before you click on links or download attachments.
- Beware of phishing emails and smishing texts. Never click on links or open attachments unless you know they are safe.
- Use anti-virus software for your personal computing devices and mobile devices.
If in doubt or to ask questions, call our Customer Service Team or send an email to cyber.security@ofx.com.