Security

Financial Cents Security Protocol

  • Multi-factor Authentication
    • Users of Financial Cents can protect their accounts with an additional layer of security by enabling phone-based multi-factor authentication. The system would detect new devices during login and request identity verification by sending a 6-digit code to the user’s phone. It would also periodically request that the user verifies their identity again after a certain period had passed.
  • Data Transfer
    • All your interactions with Financial Cents are encrypted using SSL/TLS. This technology protects your data while in transit from your browser to our servers and vice versa.
    • We utilize multiple firewall layers at the operating system and network levels to protect our servers from any unauthorized access.
  • Physical Security
    • Our hosting provider, Digital Ocean, is a well-known industry leader that employs state-of-the-art technology to secure servers from all types of tampering. Servers are placed in 24/7 monitored facilities and are not accessible to non-authorized personnel.
  • Filesystem 
    • All uploaded documents are stored in an encrypted cloud storage system and automatically backed up to an offsite storage facility.
  • Data Storage
    • Data stored in our databases is encrypted at rest and during transfer to and from your browser. Our databases are automatically backed up on a weekly basis and backups are stored at an offsite facility.
  • Regular Security Patches and Updates
    • We release security updates to our infrastructure and custom software as they become available. All of our systems run on up-to-date software.
  • Client Tasks
    • Even though we do not require that your clients create an account, we implement strong security protocols to protect all data added by you or your clients. Financial Cents verifies your client’s identity by emailing them a short-lived 6 digit code that only they have access to and prevents access to the tasks until the code is typed in. In addition, the link sent to your clients to access the tasks contains a long and encrypted passcode to identify the client and the user. Anyone attempting to access the tasks must have both the long passcode and the short-lived token, which creates a security barrier that’s stronger than the common username and password.