KINFO is a small company operating in a big market, but being small in the fin-tech market doesn't mean you can neglect the importance of security. Once you launch, security becomes as important for a small company as it is for an enterprise. KINFO is designed to be secure from the ground up, and in this document we explain some areas of interest and the way we look at security.
Design & Architecture
The environment the KINFO platform runs in is made up of several layers of security, ranging from the physical protection of hardware to network protection in the form of firewalls. KINFO runs in Amazon AWS and uses a broad set of Amazon's security services to ensure the environment is protected from threats.
Designing with security in mind also means that many parts of the environment are separated into different containers, each within its own security context, with a defined ruleset controlling which environment has access to which others.
Cryptography is a key component in any security design. KINFO uses different types of cryptography for different purposes; the most important ones are covered below.
Communication to & from clients
Users communicate with the KINFO backend either through the browser or a mobile app. All communication between clients and the KINFO backend is encrypted using 256-bit SSL encryption, which is the same level of encryption banks & brokers use for communication between clients & backend.
This type of encryption is important to prevent anyone who controls the network or equipment between you and KINFO from listening in and seeing sensitive data.
Communication to brokers
KINFO partners with TradeIt for communication between the backend and your broker. The communication between the KINFO platform and TradeIt and from TradeIt to your broker is encrypted using the same strong encryption technology as the communication between your browser or app and the KINFO backend.
Encryption of passwords
(This applies to your KINFO password; for details on how broker connections are handled, see this section.)
When you enter your password for the first time, it's encrypted using an industry-standard, best-in-class cryptographic algorithm which includes multiple iterations of encryption and salting.
In practice, this means that passwords stored in the database can't be decrypted with any computational power accessible today.
When you enter your password during the login process, it is encrypted in the same way and compared to the value that was computed when you registered your password. This way there is no way to read your password from the database, and it's not accessible even to KINFO employees.
Communication between KINFO & broker
Plaid is one of the world's largest aggregation providers and is trusted by thousands of fin-tech apps ranging from budgeting & loans to investing. They are currently owned by Visa.
TradeIt is relatively new on the market compared to its competitors. Even though they are relatively new, TradeIt has gained trust and acceptance as the most secure way for consumer-facing fin-tech solutions to connect to broker services. They are currently owned by TradingView.