FinTech software solutions you can trust
Velmie is an ISO 27001 certified company, and the software platform is compliant with SOC II Type 2 and PCI DSS. Security is our key focus, and we constantly improve our solutions and procedures to deliver best-in-class software. We carefully maintain security on different levels, including the infrastructure, software development practices and the company itself.
Organizational security
Velmie has implemented and maintains organizational security policies under ISO 27001, which include physical and digital access management, network security, business continuity and backup practices, incident response, 3rd party risk management and others. We regularly conduct audits and risk assessments to understand and prevent any risks to our customers’ data.
Infrastructure security
The single-tenant approach used by Velmie delivers greater security and data privacy compared to multi-tenant SaaS systems where companies’ data is not isolated. This approach also allows configuring hosting environments to meet the specific requirements of regulators. All data at Velmie is encrypted with TLS and AES-256-GCM and augmented with audit trails containing historical key data changes. The software platform also comes with numerous other security mechanisms such as API protection, Identity and Access Management (IAM), JWT-based authentication, DDoS protection, and Jail safety mechanisms.
Incident response
Velmie has established business continuity and disaster recovery procedures that we follow in the event of disruptions. In case of an incident, our clients get the necessary assistance under SLA, with regulated response and resolution times to ensure software availability.
Software security
Velmie regularly conducts penetration tests, performed by our in-house engineers and with the help of external security researchers, to ensure the software meets OWASP standards. Security is embedded into the development process used in our company. The code is checked by static analyzers to identify potential vulnerabilities. The QA team performs mandatory security tests to verify the code, and the DevOps team uses CI/CD practices to automate the testing and delivery of updates.
Security features
Built-In security
Security is essential in all stages of the software development process at Velmie, from solution architecture design to quality assurance, deployment and monitoring.
Single-Tenant environment
Whether you choose a self-hosted approach or use our cloud services, you can always make sure the data is completely isolated from other customers and you have full control over how it is being used.
Roles and permissions
The Role-Based Access Control (RBAC) system allows you to set up roles with different privileges and responsibilities to implement organizational security.
Maker-Checker
The maker-checker (or 4-Eyes) function extends the RBAC system and allows setting up more advanced segregation of duties within an organization. To improve overall security, maker-checker involves several people and/or technology throughout the cycle of a transaction, minimizing the risk of fraud or undetected errors slipping through.
Verification and limits
Velmie comes with a KYC system embedded into the onboarding process to allow customer identity verification according to your organization’s policies. The system features multi-tier access and limits for greater flexibility over onboarding, transaction monitoring and compliance.
Transaction monitoring
Velmie provides tools and solutions to set up transaction monitoring to avoid risks associated with money laundering, fraud, tax and sanctions evasion.
Strong customer authentication
Velmie comes with a full-fledged SCA system featuring advanced 2FA with biometrics, passcodes and TANs. To secure users’ accounts from unauthorized access, the system has session management tools, IP tracking, access logs and login security settings.
MPC
Wallet solutions at Velmie are secured with MPC (Multi-Party Computation) technology that provides best-in-class asset storage security. It can mitigate the hazards of dealing with digital bearer assets, where transactions are irreversible.