Security

Security is our top priority. We aim to have your trust and confidence by protecting the confidentiality of all of your transactions. We make sure that our security system meets standard world-class security practices that is also aligned with standard security practices of local banks and the government.

Cloud Security

We store our service application logic in AWS (Amazon Web Services) cloud infrastructures that provide multiple level security right from the operating system of the host platform, firewall, and API calls. This means that basic infrastructure that runs all of the cloud service such as software, hardware, networking, including all basic security requirement such as guest operating system (OS) and database patching, firewall configuration, and disaster recovery are built to meet the requirements of world-class security standards.

We monitor and control inbound and outbound communication and traffic to protect all of your transaction data. We establish a secure communication sessions through secure HTTP access (HTTPS) when you're accessing our API endpoint. All communication must be made using Secure Sockets Layer (SSL), a cryptographic protocol, meaning that all information sent becomes unreadable to everyone except for our server. This protects your information against malicious attempts such as eavesdropping, tampering, and forgery and against security attacks such as phishing, man-in-the-middle attacks and DDoS attacks. AWS allows us to provide you with dedicated network devices to manage interfacing communications with ISPs to make sure that you can access our system securely when connecting with your ISP. We use leased line to ensure the privacy and security of connection between us and the banks.

Data Security

To give you the privacy you need, access to all of your personal and financial data that goes in our system is restricted by default, and only Instamoney and you, as the owner, have access to this data. For maximum security, you must access your data via SSL encrypted endpoints so the data is transferred securely.

We protect your data at rest, meaning that all your information will be encrypted using one of the strongest block ciphers available – 256-bit Advanced Encryption Standard (AES-256). This means that information is almost impossible to decipher from its encrypted form because cipher keys are unique and impossible to guess, and only senders and receivers share the same secret key to encrypt and decrypt the data. This level of encryption is highly secure and used most often for communications with banks that maintain the privacy and security of customers. For an extra layer of protection, we also regularly verify the integrity of data on all traffic to check if corruption is detected so that it can be repaired using redundant data.

Keeping Your Account Safe

We will provide unique encrypted API keys that can give you access to interact with our system. You will be required to use your encrypted API keys to command us to execute any transactions. Make sure that you do not share your API keys to anyone.

All of your funds that are stored temporarily in our account will be securely held and only accessible by our system and you as the owner. You can access this information anytime through your Dashboard. You encrypted API keys are extremely important as they will give you full control of your funds management, including when and where you want your money to be sent or withdrawn.

To prevent possible threats from outsiders, make sure that you access our system using a private and secure connection. Another way to do it is to make sure you clear your logins and passwords. You should also be alert of phishing or any spam or pop-ups that ask to obtain your information and always verify that you are on a familiar web site with security controls before entering personal data.