top of page

FinTech software solutions you can trust

Velmie is ISO 27001 certified company and the software platform is compliant with SOC II Type 2 and PCI DSS. Security is our key focus and we constantly improve our solutions and procedures to deliver best-in-class software.  We carefully maintain security on different levels including the infrastructure, software development practices and the company itself.


Organizational security

Velmie has implemented and maintains the organizational security policies under ISO 27001 which include physical and digital access management, network security, business continuity and backup practices, incident response and 3rd party risk management and others. We regularly conduct audits and risk assessments to understand and prevent any risks to our customers’ data.


Infrastructure security

Single-tenant approach used by Velmie delivers greater security and data privacy compared to multi-tenant SaaS systems where companies’ data is not isolated. This feature also allows configuring hosting environments to meet the specific requirements of regulators. All data at Velmie is encrypted with TLS and AES-256-GCM and augmented with audit trails containing historical key data changes. The software platform also comes with numerous other security mechanisms such as API protection, Identity and Access Management (IAM), JWT-based authentication, DDoS protection, and Jail safety mechanisms. 


Incident response

Velmie has established business continuity and disaster recovery procedures that we follow in the event of disruptions. In case of an incident, our clients get the necessary assistance under SLA with the regulated response and resolution times to ensure software availability.


Software security

Velmie regularly conducts penetration tests by our in-house engineers and with the help of external security researchers to ensure the software meets OWASP standards. Security is embedded into the development process used in our company. The code is checked by static analyzers to identify potential vulnerabilities. There are mandatory security tests performed by QA team to verify the code and CI/CD practices used by DevOps team to automate the testing and delivery of updates.

Security features

Built-In security

Security is essential in all stages of the software development processes at Velmie, from solution architecture design to quality assurance, deployment and monitoring.

Single-Tenant environment

Whether you choose a self-hosted approach or use our cloud services, you can always make sure the data is completely isolated from other customers and you have full control over how its being used.

Roles and permissions

Role-Based Access Control (RBAC) system allows to set up ​​roles with different privileges and responsibilities to implement organizational security.


Maker-checker (or or 4-Eyes) function extends the RBAC system and allows setting up more advanced segregation of duties within an organization. In order to improve overall security, the maker-checker involves several people and/or technology throughout the cycle of a transaction in order to minimize the risk of fraud or undetected errors slipping through.

Verification and limits

Velmie comes with a KYC system embedded into the onboarding process to allow customer identity verification according to your organization’s policies. The system features multi-tier access and limits for greater flexibility over the onboarding, transactions monitoring and compliance. 

Transaction monitoring

Velmie provides tools and solutions to set up transaction monitoring to avoid risks associated with money laundering, fraud, tax and sanctions evasion.

Strong customer authentication

Velmie comes with a full-fledged SCA system featuring advanced 2FA with biometrics, passcodes and TANs. To secure users’ accounts from unauthorized access the system has session management tools, IP tracking, access log and login security settings.


Wallet solutions at Velmie are secured with MPC (Multi-Party Computation) technology that provides best-in-class asset storage security. Can mitigate the hazards of dealing with digital bearer assets where transactions are irreversible.


Security at Velmie

Want to know more about the security features and policies?

Drop us a line and we will provide the full documentation.

bottom of page