- PROMETEO
- ABOUT PROMETEO
- SECURITY
Security is in Prometeo's DNA
We recognize the vital importance of safeguarding the integrity of our clients' financial data. Here we explain how we do it.
We are leaders in security
To achieve this, we design each of our products following the best practices in information technology service management, providing the guarantee and trust that our clients seek.
Our extensive experience in developing technological infrastructure for the financial sector through APIs has allowed us to ensure that every step of the process is safeguarded through various security measures.
We are supported by our international certifications
At Prometeo, we have an information security management system that includes internal policies, regular audits, and documentation on the 'why' and 'how' information assets are protected.
We have ISO 27001 certification, the international standard that describes how to manage information security within a company. This system is used to protect the confidentiality, integrity, and availability of information. Additionally, it allows us to identify and foresee any information security risks effectively.
How Prometeo's security works
Our platform is specially designed on a security architecture that complies with all industry legal and compliance standards.
Secure connections and access
We connect by creating a cryptographic bridge between the financial institution and the client. This connection allows us at Prometeo to communicate directly with the institution so that only the end-user can access their bank account data or initiate a payment.
This guarantees our clients that we do not store credentials or share any type of sensitive information.
The data remains secure and private at all times as the information travels encrypted end-to-end using TLS 1.2 or higher with secure ciphers.
To access our system, our team must use two-factor authentication, as well as storing keys in password managers.
We also provide authentication through API Keys. The API Key is an identifier found in the Prometeo Dashboard that allows our clients to start using Prometeo's service by sending requests to our APIs.
Multiple layers of security
Our infrastructure features several levels of security to keep information safe at all times:
Prometeo's platform is hosted on Amazon Web Services, the leading cloud service provider with the highest standards of data security and privacy, including ISO 27001, PCI-DSS, and SOC 2.
We have Web Application Firewalls that enable us to monitor, filter, and block any malicious traffic.
We conduct biannual security tests with our specialized team to identify and address any security vulnerabilities in our infrastructure and applications.
We adhere to security procedures in accordance with the ISO 27001 standard.
We provide security training for our entire team, disseminating our security policy throughout the company.
Monitoring
Our 24-hour monitoring system allows us to track the status of our connections and monitor alerts in real-time.
Our systems are protected by an Intrusion Detection System (Host IDS), designed to identify any unusual activity in accessing our servers.
We receive real-time reports on access logs, ensuring active defense against potential threats.