Saasu has an internal development model nicknamed RISC. Redundancy, Integrity, Security and Capacity are the cornerstones of our development approach. Our investors come from investment and transactional banking backgrounds so we know that to achieve bank level security we have to partner with only the most trusted companies who’s main role is to provide bank data to the financial sector.
We have third party security consultants who review our application. They have security programmes written specifically to test weaknesses in web applications like our own. Our investors have experience dealing with other software companies in the accounting space, not just our own. They are also very familiar with data feeds, bank data formats, the security required for e-commerce, credit card processing and PCI compliance measures.
Internally, we have many of these skills, but security is all about layers of knowledge to ensure quality assurance levels are strong at all levels of the application. At the end of the day, Saasu’s investors and customers need to be comfortable that the risk is very low as our business depends on it more than any other factor.
Our data provider, Yodlee, employs leading-edge technologies, ISO standards, and business practices to protect your data. They have multiple patents granted or filed on various aspects of their technology including security infrastructure and data acquisition framework.
Saasu Online Accounting security measures
|Digital Certificates||Saasu and Yodlee both use Thawte certificates for our services. Clicking on the lock icon in your browser reveals more information about your security.|
|Data and Password Encryption||Password and account data are stored and transmitted in encrypted format at all times. All data is securely housed in an Internet server hosting space that provides enhanced physical security, fire protection and electronic shielding.|
|Network Intrusion Detection Systems||Network-based IDS (intrusion detection system) provides 24×7 network monitoring and alerts security personnel to any external attacks on the network.|
|Physical Security Measures||Saasu online accounting retains a highly secure server stack in Australia and Hong Kong where security personnel monitor our systems 7 days a week, 24 hours a day. Access to servers requires multiple levels of authentication.|
|Security Audits and Inspections||The security infrastructure is regularly audited and inspected by our own system administrators and a third party company who’s speciality is security and data integrations.|
Multi Factor Authentication
What is Multi-factor Authentication?
Multi-factor authentication (Jargon: MFA) is an extra level of security to protect secure data. After entering a username and password, multi-factor authentication systems will prompt you to enter an extra piece of information such as a security token value, a secret question or SMS delivered security code.
If you are required to use this type of access in your online banking system it is likely you will also need to use it to connect and regularly refresh your Saasu bank feeds.
How do I get the latest bank feed data for my multi-factor supported feed?
- Make an initial connection between your bank and Saasu.Once the connection is established, the first batch of available transactions will be imported into Saasu.
- Use the ‘Update Credentials’ or “Refresh Feed” link on the bank feeds screen each time you need to retrieve your latest transactions after your initial connection. This is under the Connect option. Bank feeds with Multi-factor authentication require this trigger and will not update automatically.
It is recommended that the credentials are only updated used once per day. Repeated refresh triggers too close together may cause issues.
What types of Multi-factor authentication does Saasu support?
Saasu’s support does not extend to all banks and institutions that require this. Bank feeds that have two or more Multi-factor Authentication codes are not supported.
What if Saasu doesn’t support Multi-factor Authentication for my bank?
In the instance that your bank feed is not supported, you can manually import your bank transactions into Saasu. We support importing of file formats from a wide range of banks, including .CSV files (spreadsheets in the Comma Separated Values text format).
As we are unable to test every single type of login connection for every bank around the world, we are happy to collaborate with our customers to help make new connections available. While we aren’t able to support every request for new connections, we do value your feedback regarding where we should focus our efforts to improve Saasu’s banking integration. Feedback can be Customer Contact Saasu.
How do you protect my account passwords and user IDs?
Your personal information is entered through Secure Socket Layer (SSL), which creates an encrypted connection between your browser and our servers. This information is kept encrypted at all times.
Who has access to my Bank Account information?
You and only you know your password. No one can access your account unless you provide him or her with access via the Manage Subscription Screen. Even you can’t access you password as we don’t store this information in the Saasu Online Accounting application. No Saasu employees have access to your password.
How is my account information protected during transmission?
The transmission of data is protected using industry recognized encryption standards, such as 128-bit. Users’ passwords are transmitted and stored in encrypted format at all times.
Where is my account information stored?
Your information is stored on servers, which are securely housed in an Internet server hosting space that provides enhanced physical security, fire protection and electronic shielding. Security personnel monitor the system 24 hours a day, 7 days a week. Access to servers requires multiple levels of authentication.
How is my account information protected from “Hackers” or outside intrusion?
Network-based intrusion detection systems (IDS) provide 24×7 network monitoring and alerts us to any external attempts to access the network. In addition, multiple layers of firewalls are used to guard against unauthorized access to the network.
What happens to my account information if I unsubscribe from the service or just stop using it?
Once your request has been received, your information will be securely and permanently deleted from our database OR your account will be automatically deleted from the database after six months of dormancy.
How frequently do you evaluate your security systems?
The security infrastructure is reviewed at each major release or on a semi-annual basis.
Is my data secure during a “service outage” or “scheduled maintenance”?
In the unlikely event that the service is temporarily unavailable, your account information remains secure in our Internet server hosting space, which is protected by stringent Network-based and physical security measures. Your data is replicated between Australia and Hong Kong on an ongoing basis.
Is my personal identity protected?