Instant Account Verification (IAV) Security Information

Why we use Instant Account Verification (IAV)

Instant Account Verification is a simple and secure way for consumers to verify their bank account details. Split uses IAV to make it easy to initiate transactions or set up direct debit payments. We deploy IAV via a service proxy, which means consumers can simply use their online banking services to perform the verification in a trusted and secure environment. There are many other examples of this technique being used in the financial services industry including Proviso, Basiq, and Yodlee.

Customer Data

Security is of the utmost importance – Split does not collect data such as usernames and passwords used to log into your online banking. Please see our Privacy Policy for more information.

  • No caching of requests is performed on our servers.
  • We do not capture or store usernames or passwords.
  • We utilise the highest standards of encryption.

Data Security

During a Split transaction, no one can access or see your internet banking login credentials. All communication via Split takes place using HTTPS transport-level security, and no sensitive information is stored (not even cached).

Security Commitment

To maintain our high security standards, Split Payments has undertaken the following:

  • We use a proxy server between the customer and the internet banking site, which has advanced security against DNS poisoning and other threats.
  • We have numerous server-side transaction integrity checks to ensure transactions have not been tampered with.
  • Our development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
  • Only required personnel have access to the production environment.
  • Our physical infrastructure is hosted and managed in an ISO 27001, SOC 1 & SOC 2, PCI Level 1, FISMA Moderate and SOX certified data centre.
  • We conduct behavioural monitoring, vulnerability assessment, SIEM and intrusion detection to detect threats and keep our system safe and secure.
  • Firewalls are utilised to restrict access to systems from external networks and between systems internally.