Our approach to security, in general, is to apply different layers of organizational and technical measures to ensure that all the threats to which our platform is exposed are properly mitigated. Measures are implemented based on the outcome of a risk assessment and following the recommendations of ISO 27002:2013 Information technology — Security techniques — Code of practice for information security management and the CryptoCurrency Security Standard (CCSS). The platform is designed in accordance with the requirements of the General Data Protection Regulation (GDPR) in order to ensure a proper level of personal data protection for our clients.
To give the reader some understanding of Kriptomat.io's security stance, we have listed some of the organizational and technical measures we have put in place to protect our customers, their assets, and also Kriptomat.io as an organization that enables less computer-savvy clients to participate in crypto markets.
Security starts and ends with people; therefore, we reduce internal fraud risk by screening all Kriptomat.io employees and running background checks on all other involved parties. Additionally, all employees are regularly trained on security and data protection.
Highly secure cold storage with controlled access
One of our main efforts is protecting the crypto balances residing in different internal crypto wallets. We monitor the balances and the trends in order to constantly keep 98% of crypto assets in highly secure cold storage with controlled access.
Strict operational procedures
Management of cold storage, as well as all other platform support and development operations, is defined in strict operational procedures. The most sensitive operations require the four-eyes principle.
A dedicated team for monitoring
The platform logs all actions taken on it, and a dedicated team monitors the events in order to detect and respond to any suspicious activity.
Security testing
Secure coding principles, in combination with regular penetration tests and mitigation of identified vulnerabilities, are among the core elements of the platform's security.
In order to make sure that the security controls remain sufficient for the ever-changing security threat landscape, a regular risk assessment process is in place.
Two-factor authentication (2FA) is implemented in addition to the standard username/password to protect our clients and our platform against brute-force attacks and malware that might steal clients’ passwords.