Security

Built around trust

As a SOC2 certified and regulatory compliant company, Parfin takes security seriously, applying best-in-class governance and controls

Pillars of Our Security

Protecting against external threats
Eliminating human error
Preventing insider access risk

Key Aspects of Our Approach

Multi-party Computing (MPC) technology

  • User configurable transaction policies
  • MPC powered digital asset Warm wallets
  • Keyless, distributed, and secure digital asset custody
  • Key shares can be held by Parfin and/or by customers
  • Multi-cloud setup for added security
  • Audited architecture and infrastructure

Infrastructure Security Details

  • All user data is fully encrypted, passwords are hashed and salted
  • We use HSMs that have achieved FIPS 140-2 Level 2 rating or higher
  • All of our website data is transmitted over encrypted Transport Layer Security (TLS)
    connections (i.e., HTTPS)
  • All API keys are stored in encrypted virtual HMAC wallets
  • As an additional layer of security all sensitive data are also encrypted by HSM

Platform Security Features

  • Mandatory 2FA for all user accounts when logging in and performing sensitive actions
  • Customisable authorisation engine to ensure transaction initiator and approver are separate
  • Mandatory Whitelisting of addresses with 24 hour delayed approvals
  • Multiple user roles with varying levels of access and control

Process Security

  • SOC2 Certified by Ernst & Young, the gold standard for security assessment in financial markets
  • Comprehensive insurance policies
  • Regular Penetration Testing
  • We partner with enterprise vendors to mitigate against distributed denial-of-service (DDoS) attacks
  • Policies and procedures to enforce security and data privacy
  • All software improvements require rigorous testing and approval from the Parfin executive team
  • 24/7 system and security monitoring with specialist incident response
  • Our founders and directors are unable to individually or jointly transfer funds out of the clients wallet