Security

We secure your identity

We have multiple teams at Octalas dedicated to keeping your account, identity and personal data safe. Below are some of the things we are doing —and which you can be a part of— to ensure a safe financial environment.

  • Our modern on-boarding process is designed to meet all regulatory guidelines relating to the Know Your Customer (KYC) requirements. All documentation and data is protected and encrypted in our secure banking platform.
  • Under the GDPR regulation, we store all personal data in secure and encrypted storage environments and we only share your data with our trusted partners to provide you with the best services possible.
  • SCA – as part of the PSD2 (Second Payment Services Directive) requirements for Strong Customer Authentication, we apply secure authentication processes to secure your account and your transactions.
  • Mobile device enrolment. Your mobile device is an effective way to verify your identity. You are required to verify your mobile number and enrol your device prior to using it for identity and transaction authorisation. 

We secure your money

  • As an electronic money institution providing online payment services, we do not and cannot lend your money to third parties. 
  • Safeguarding practices protect your money. We are required by law to protect our clients’ money by safeguarding it with a partner bank, segregated from Octalas’s own funds. When you receive or transfer-in funds we credit the equivalent value of e-money into your account and simultaneously place the received funds into ring-fenced accounts (separate from our own money) held with established global banks.

We secure your access

  • SCA – we apply Strong Customer Authentication to verify user’s identity before granting users access to their accounts. This includes MFA (Multi-factor Authentication) on the Octalas web Customer Portal and the Octalas mobile app. During MFA you will be required to provide at least two of the following things: something only you could KNOW (e.g. PIN, password), something only you could OWN (e.g. card, phone), or something only you could BE (e.g. fingerprint, face).
  • Fingerprint and face (biometric) identification — Octalas offers you a more secure option to log into our mobile app using your fingerprint or face recognition. 
  • Zero Trust Security – Octalas uses Zero Trust on all our platforms and networks. Zero Trust is a security concept that requires all users and devices to be continually authenticated, authorised, and validated when using resources and services within our environment.
  • We secure your transactions
  • We use fraud detection technologies, data encryption and strong authentication solutions in our efforts to do all we reasonably can to prevent unauthorised or fraudulent use of your account, card and related services.
  • Octalas protects your payment transactions using SCA by providing a unique code uniquely generated for one transaction, linking the user with the transaction-specific information. This is known as dynamic linking.
  • 3D Secure (3DS) — Octalas cardholders are required to register for 3DS to enable secure online card payments. With 3DS, when you make certain online card payments, you will receive a mobile notification from Octalas, asking you to enter a one-time verification code to complete the payment.
  • IDCM.  IDCM stands for Identity Check Mobile; it’s an app-based authentication solution that allows users to confirm their online card payments with biometrics. 

We secure your cards

  • The Octalas Anti-fraud System — we use this system to get real-time alerts of fraudulent activity, resulting in quick action and early preventative measures on suspected fraud transactions.
  • Octalas is a Certified Level 1 PCI DSS Service Provider – this means that our systems and networks have been audited and assessed by a PCI approved Qualified Security Assessor (QSA). Maintaining this certification ensures that your card details and transactions are secure.
  • Virtual cards — this product provides a more secure method of making e-commerce transactions. A virtual card cannot be stolen. Your card number is safely stored within our encrypted cardholder data environment, only accessible on one of your devices through MFA.

How you can protect yourself

  • Make sure that you have the most recent version of the Octalas app installed to take advantage of the latest payment and security features available.
  • No security system is perfect all of the time, which is why it’s important for everyone —that means you, and all of us at Octalas— to remain vigilant in order to keep each other protected. 
  • Be suspicious of unsolicited emails and websites
  • Never click on links or opening attachments from unknown senders
  • Hover over links to check their destination before clicking
  • Only enter your personal information on secure websites

Beware of phishing scams in which someone poses as an Octalas staff member and requests sensitive information such as your app PIN, card PIN, or passwords. Our staff will never ask for this type of information.

What is phishing?

Phishing is a criminal activity that employs fraudulent email messages and websites in an attempt to acquire sensitive information, such as login credentials and card details, from unsuspecting users. The emails and websites used in phishing attacks often look very similar to those of legitimate organisations, making them difficult to distinguish from the real thing.

The goal of phishing attacks is to trick users into divulging their personal information, which can then be used for identity theft, financial fraud, and other malicious activities.