Introduction
Kinfo is a small company acting on a big market, though being small in the fin-tech market doesn´t mean you can neglect the importance of security. Once you launch security becomes as important for a small company as it is for an enterprise. Kinfo is designed to be secure from the ground up and in this document, we will explain some areas of interest and the way we look at security.
Design & Architecture
The environment the Kinfo platform runs in is made up of several layers of security ranging from the actual physical protection of hardware to network protection in terms of firewalls. KINFO runs in Amazon AWS utilizing a broad set of Amazons security services to ensure the environment is protected from threats.
Designing with security in mind also means that many parts of the environment are separated into different containers within its own security context with a defined ruleset controlling which environment has access to others.
Environment
The kinfo platform runs in AWS, the world’s largest cloud service provider and trusted by big corporations such as Netflix as well as government agencies. Kinfo utilizes documented security best practices using services provided by AWS such as enforcement of MFA.
Cryptography
Cryptography is a key component in any security design. Kinfo uses different types of cryptography for different purposes, here is a list of the most important parts covered.
Communication to & from clients
Users communicate with the Kinfo backend either through the browser or a mobile app. All communication between clients the Kinfo backend is encrypted using 256-bit SSL encryption which is the same level of encryption banks & brokers use from communication between clients & backend.
This type of encryption is important to prevent anyone from controlling the network or equipment between you and Kinfo from listening and seeing sensitive data.
Communication to brokers
KINFO has direct integration to brokers and clearing firms. Large broker firms genrally have an API using OAUTH technology which means that kinfo is granted read-only access to users account without exposing broker credentials to kinfo in the authentication process.
Smaller brokers are integrated via clearing firms where the credentials used only have read access to account information and transaction history.
Encryption of passwords
When you enter your password for the first time it´s encrypted using an industry-standard best in class cryptography algorithm which includes multiple iterations of encryption and salting.
What this practically means is that passwords stored in the database can´t be decrypted with any computational power accessible today.
When you enter your password during the login process your password will be encrypted in the same way and compared to the computed value which you entered when registering your password. This way there is no way to read your password from the actual database and it´s not accessible even by Kinfo employees.
Data collected from brokers
Kinfo uses best-in-class solutions for all technology, software and infrastructure used to link brokers with the kinfo platform. Plaid which is the worlds biggest aggregation provider is trusted by thousands of personal finance and investing apps.
Kinfo is required to follow certain specifications to achieve a high level of security. The most important of these are:
- Kinfo NEVER see, store or have access to your real broker credentials
- Kinfo can NEVER be used to execute trades
- Kinfo can NEVER touch your money/assets or make any changes to your account
- All communication between the app, kinfo, Plaid, and brokers uses bank-level 256-bit encryption
- The token used by kinfo can only be used to read data, never make changes or execute trades
Regular Security Audits
We continuously monitor all our systems for security vulnerabilities using third-party services aimed to identify any type of breach in our systems. In case a breach is found, the kinfo team is immediately alerted about the issue.