VibePay Security Notice

25th September 2019

At Vibe Pay Ltd we know that security is very important to our users. We want to assure you that it is even more important to us that we protect your information as best as we can. In order for us to fulfil this responsibility, we have a number of security protocols in place.  

Transaction Security 

Vibe Pay is authorised and regulated by the Financial Conduct Authority (FCA) under Reference number 814356 as a Payment Institution, with permission to provide both a Payment Initiation Service and an Account Information Service. 

All our Payment services are provided via Open Banking. Within the VibePay platform you will be able to receive payments directly to your bank or building society without having to share your password or login details with anyone other than your own bank. By way of Open Banking you control VibePay’s access to your data and for how long. Please see the Open Banking standard for more information on your transaction and cyber security.

System

VibePay uses a combination of internal and external IT systems to develop and provide its payment service.  The inherent risks and subsequent controls for each of these systems has been established to ensure the security of the payment service. This is secured by operating on a Virtual Private Cloud infrastructure.

Internal security 

VibePay have considered confidentiality, integrity and availability when implementing its data security measures ensuring that:

-The data can be accessed, altered and deleted only by persons VibePay has authorised to do so 

-The data held is accurate and complete for the purposes for which VibePay  is processing it

-The data remains accessible and usable to VibePay, so it can be recoverable in the event of accidental loss, alteration or destruction 

Physical Security (External IT Systems)

The Google Virtual Private Cloud has a physical implementation of hardware and software infrastructure managed by Google.  To maintain physical security of its IT infrastructure, Google restricts information concerning the physical location and security features associated with this infrastructure.

Trusted Third Parties audit Google, evidencing its IT security policy and controls in the form of Compliance Certificates.

Encryption 

Encryption protects the information stored and helps safeguard against unauthorised data processing. From the moment you access the VibePay platform, any and all sensitive data is secured using internationally recognised encryption standards. The data we hold is extremely secure and we are regularly audited by external experts to ensure it remains so.

Business Continuity

VibePay will ensure the resilience of its systems and services (including third party providers), to enable the systems to continue operating under adverse conditions and the ability to restore the system to an effective state within a timely manner.

Notice on Virus Protection

We recommend that all users have up to date Anti-virus and Firewall protection on your PC or device 

Responsible Disclosure 

At VibePay we want our users to work with us in ensuring security remains a priority where customer privacy, and integrity of our products and systems are concerned. We know that we may have users, security professionals, or researchers accessing VibePay and we want you to contact us if you need to alert a security concern, or have identified a vulnerability. Please email privacy@vibepay.com to bring a matter to our attention. By emailing or providing a disclosure to us, you agree to the terms of our Privacy Policy and that we can use your submission and its contents to ensure the ongoing security and integrity and of our technology and business.