We take our responsibility as a registered financial institution very seriously. We maintain the highest industry standards in protecting your data and funds. We’ve covered all grounds - from state of the art encryption and built in app features to corporate trainings, external audits, constant monitoring and bank-grade security infrastructure.
iCard undergoes annually through an external security audit in order to maintain ourPCI-DSS Level 1 certificate. The PCI Data Security Standard (DSS) is created by Visa, Mastercard and other well respected debit/credit card providers. It is entirely based on their years-long experience in dealing with countless security threats while securing their customers data. iCard is fully compliant with PCI DSS, which means that we maintain the highest industry security standards, in addition to working with other PCI-certified partners.
Licensed financial institution
We are an EU Electronic Money Institution and an EU Payment Processor, licensed under the European E-Money Institutions Directive. As such we follow very specific customer funds safeguarding procedures. We do not re-invest our customers’ funds and we are required by law to keep our finances separate.
We have a dedicated team of privacy and information security specialists. They work closely together with the engineering teams to make sure our applications, dataflow and infrastructure remain secure at all levels.
All sensitive information is fully encrypted with state-of-the-art cryptographic algorithms in our databases as well as during data transmission. We store your data in special tier 4 data centers located in Class A jurisdictions in Europe. Our advanced systems offer real-time monitoring and protection from suspicious traffic and behaviour.
Manual penetration testing
To further make sure we’ve built a state of the art solution, we hire independent third party security experts to perform manual penetration testing of our application, infrastructure and network. Manual penetration adds an additional layer of security on top of the common automated testing and vulnerability scanning.
Our fraud investigation team is constantly monitoring for system alerts and red flags on your account. If they see an unusual or suspicious activity, they will be in touch with you through a phone call immediately. For example, if suddenly you transfer a large amount of money or you make series of purchases in foreign websites etc.
Every time you send money, use your cards or perform any other monetary transaction, you will get instant notifications straight to your mobile number you used at registration. Notifications are a great way to make it harder for any fraudulent activity to go unnoticed.
Two factor authentication
You have to manually authorize any new device if you wish to access your account. This gives you a peace of mind that anyone else who could have knowledge of your password won't be able to gain control of your account from a different device.
Rooting & Jailbreaking blocked
A rooted/jailbroken phone is a device that has given root system rights or root access to certain apps with or without the knowledge of its owner. Rooted devices are extremely dangerous because they leave your phone fully vulnerable for malicious attacks. iCard’s system detects when a device is rooted or jailbroken and does not allow the mobile application to start on such devices.
Transactions authorization & Limits
Every time you try to access Tap & Pay or your virtual cards information you will be asked to identify yourself with either a passcode or your fingerprint. Your iCard debit card is also protected with a PIN. You can instantly block, unblock and set limits for it and for all your virtual cards and other payment options inside the wallet. All this gives you full control over your funds.
All iCard employees, from top management down are required to pass our security awareness & data protection training program immediately when hired and, then regularly each year. Moreover, we have adapted regular advanced Information Security awareness program to all our employees on a monthly basis.
Business continuity plan
We maintain a solid business continuity plan to ensure the continued operation of the iCard digital wallet services to its end-users, employees and other stakeholders.
Beware of phishing
Phishing’ emails and other scams are a growing online threat. Remember that iCard will NEVER send you an app update link or ask for your password or payment details through email or sms.
Do updates regularly
Make sure to always install the latest phone system updates, browser and app updates. If you don’t, you may miss critical security patches and leave your device vulnerable to malicious attacks.
Avoid public networks
Public networks, even the ones secured with a password, are one of the most attacked targets by hackers. Every action you take and every information you enter through a compromised Wi-Fi is visible to the invader.
Beware of apps
Malicious apps, mimicking already existing legitimate ones, are on the rise. Make sure you only download apps from a trusted publisher and from the official app stores such as Google Play and the Apple store. Only follow download links from official sources such as the publisher website, blog or social media channels.
Protect your phone.
It doesn’t really matter how careful you are online if your hardware is not protected. Make sure you have a robust and up to date firewall and malware protection software installed.