wealthAPI data security
Security is our top priority. Data is the most precious currency of our time.
The protection of your customer data is our top priority. As a regulated account information service, we work in accordance with German banking security and data protection standards.
Target Operating Model (TOM)
Our operating model is essentially based on the “need-to-know” principle. In accordance with regulatory requirements, we have formalized the need-to-know principle as a series of organizational roles.
As our company develops, so does this role model. All roles are linked to data access policies that define what each role can see and edit.
Our strategy
Technical measures
- Hosting in Frankfurt (Google Cloud)
- Focus on test-driven development to ensure high quality, even in a dynamic environment
- Coaching and close cooperation with our customers and partners to ensure minimum security standards
- Open APIs that have been in productive use for years
- Encapsulated infrastructure: All components (e.g. our database) run in their own network and are not visible from the outside. Backups are encrypted (data at rest encryption)
- Use of modern technology stack and Google services (e.g. Google Intrusion Detection, Web Application Firewall)
- Separation of sensitive and less sensitive systems in the wealthAPI infrastructure
Organizational measures
- Application of strict access management: sensitive data is only accessible to a few employees
- Use of a strict role concept, reinforced by central authentication with Google Services
- Formation of specialized teams and constant further training in topics such as GDPR
- Implementation of peer reviews for all code changes as an element of quality assurance to rule out individual misconduct
- Implementation of BaFin regulatory requirements, e.g. as part of an annual audit process in which IT processes are also audited in a risk report
Our convictions
Security starts with the organization
Even if a system has an excellent security architecture, it is ineffective if those who interact with it do not have the necessary qualifications.
Organizational security shapes IT security.
As soon as employees change departments or take on a new role, their access rights must also change. We do not have any historical access rights, only role profiles.
Security must follow a design principle
Consideration of the security aspect is of crucial importance in service design. This is due to the difficulty of changing existing systems retrospectively.
People make mistakes; an early-warning mechanism helps
People make mistakes. It is therefore necessary to design systems in such a way that faults are detected at an early stage and their impact on security is minimized.
The most important facts and figures about wealthAPI.
Market experience since 2014
BaFin and FMA regulated
Registered account information service in Germany (BaFin)
Authorized financial services provider in Austria (FMA)
3500+ bank connections
Direct API to comdirect, Trade Republic, Whitebox, Quirion, Scalable ...
Want to find out more?
Read the detailed thought leadership article by our CTO Wolfram Stacklies now (German only).