All categories

Securing A Fintech Organization

November 23, 2021 • 2 min read

Security in a fintech company is an important and difficult task. How do you build enough guardrails without impacting innovation?

Recently, Yieldstreet has undertaken two measures (the SOC2 and ISO27001 reports) that reflect how well we’re performing our security, privacy, confidentiality, availability, and processing integrity controls over a given period. We thought to do it early and build a strong security foundation as we build our teams and services. That way, we already have the framework in place that is prescriptive but can be improved upon as we grow as a business – the snapshot today isn’t how we’ll look a year from now. We started a security initiative to get these reports in 2019, and in March 2021 Yieldstreet received its SOC 2 Type 1 certification for availability, confidentiality, and security without noted exceptions.

In 2021, there have been several high profile hacks on critical infrastructure and international organizations. One of the most notable occurred through a platform called Kaseya. We do not use Kaseya products, so we were not impacted by this breach. However, we wanted our security team to offer a breakdown (though incomplete) of some of the various security controls we do have in place to protect us and our investor/borrower data:

We’re conducting annual third-party penetration tests on Yieldstreet.com’s infrastructure and application. The most recent one was conducted in March 2021and the results yielded no “critical” security vulnerabilities and two vulnerabilities classified as “high”. The high vulnerabilities were something we already knew about and had a plan for tackling.

Each server and employee workstation in the environment is protected with next generation anti-virus solutions that provide us full visibility to malicious behavior at the origin and throughout the system processes.
We have deployed Cloudflare to protect our application at the edge, and have mitigations against common web attacks and bad bots.

We have deployed a risk based authentication platform to prevent investor account takeover.

Yieldstreet deploys data loss prevention tooling across each workstation, messaging applications, and SaaS products. This allows us to track the flow of company confidential and personal identifiable information safe from exfiltration.

We are monitoring our ability to fight phishing tests with our routine phishing exercises. We are doing well and we can and will do better in the coming months as more training becomes available.

Our code undergoes static code analysis to ensure that we are coding securely and alerting us when we don’t.

We have many more protections planned and are constantly evolving our security posture against the evolving threat landscape. Just as we think about liquidity for our investors, we think about security among the risks we face.

What's Yieldstreet?

Yieldstreet provides access to alternative investments previously reserved only for institutions and the ultra-wealthy. Our mission is to help millions of people generate $3 billion of income outside the traditional public markets by 2025. We are committed to making financial products more inclusive by creating a modern investment portfolio.

Retirement investing on Yieldstreet is now powered by Equity Trust

Yieldstreet has partnered with Equity Trust to provide greater options and an improved experience for retirement accounts.

19 days ago

General

Getting started with Yieldstreet for Equity Trust clients

Here’s everything you need to know from getting started to your first investment.

a month ago

About Yieldstreet

Yieldstreet just got easier to navigate

Yieldstreet’s mobile app version 3.0 improves the way the app works for you with navigation features that include a more intuitive approach.

a year ago

¹ Past performance is no guarantee of future results. Any historical returns, expected returns, or probability projections may not reflect actual future performance. All securities involve risk and may result in significant losses.

² Represents an average net realized internal rate of return (IRR) with respect to all matured investments in your portfolio, utilizing the effective dates and amounts to and from the investments and net of management fees and all other expenses charged to the investments. Past performance is not a reliable indicator of future results and should not be relied upon as the basis for making an investment decision. All securities involve risk and may result in significant losses, including the loss of principal invested.[read more]

³ "Annual interest," "Annualized Return" or "Target Returns" represents a projected annual target rate of interest or annualized target return, and not returns or interest actually obtained by fund investors. “Term" represents the estimated term of the investment; the term of the fund is generally at the discretion of the fund’s manager, and may exceed the estimated term by a significant amount of time. Unless otherwise specified on the fund's offering page, target interest or returns are based on an analysis performed by Yieldstreet of the potential inflows and outflows related to the transactions in which the strategy or fund has engaged and/or is anticipated to engage in over the estimated term of the fund. There is no guarantee that targeted interest or returns will be realized or achieved or that an investment will be successful. Actual performance may deviate from these expectations materially, including due to market or economic factors, portfolio management decisions, modelling error, or other reasons.

⁴ Reflects the annualized distribution rate that is calculated by taking the most recent quarterly distribution approved by the Fund's Board of Directors and dividing it by prior quarter-end NAV and annualizing it. The Fund’s distribution may exceed its earnings. Therefore, a portion of the Fund’s distribution may be a return of the money you originally invested and represent a return of capital to you for tax purposes.

⁵ Represents the sum of the interest accrued in the statement period plus the interest paid in the statement period.

⁶ The internal rate of return ("IRR") represents an average net realized IRR with respect to all matured investments, excluding our Short Term Notes program, weighted by the investment size of each individual investment, made by private investment vehicles managed by YieldStreet Management, LLC from July 1, 2015 through and including July 18th, 2022, after deduction of management fees and all other expenses charged to investments.

⁷ Investors should carefully consider the investment objectives, risks, charges and expenses of the Yieldstreet Prism Fund before investing. The prospectus for the Yieldstreet Prism Fund contains this and other information about the Fund and can be obtained by emailing [email protected] or by referring to www.yieldstreetprismfund.com. The prospectus should be read carefully before investing in the Fund. Investments in the Fund are not bank deposits (and thus not insured by the FDIC or by any other federal governmental agency) and are not guaranteed by Yieldstreet or any other party.

⁸ This tool is for informational purposes only. You should not construe any information provided here as investment advice or a recommendation, endorsement or solicitation to buy any securities offered on Yieldstreet. Yieldstreet is not a fiduciary by virtue of any person's use of or access to this tool. The information provided here is of a general nature and does not address the circumstances of any particular individual or entity. You alone assume the sole responsibility of evaluating the merits and risks associated with the use of this information before making any decisions based on such information.

300 Park Avenue 15th Floor, New York, NY 10022

844-943-5378

[email protected]

No communication by YieldStreet Inc. or any of its affiliates (collectively, “Yieldstreet™”), through this website or any other medium, should be construed or is intended to be a recommendation to purchase, sell or hold any security or otherwise to be investment, tax, financial, accounting, legal, regulatory or compliance advice, except for specific investment advice that may be provided by YieldStreet Management, LLC pursuant to a written advisory agreement between such entity and the recipient. Nothing on this website is intended as an offer to extend credit, an offer to purchase or sell securities or a solicitation of any securities transaction.

Any financial projections or returns shown on the website are estimated predictions of performance only, are hypothetical, are not based on actual investment results and are not guarantees of future results. Estimated projections do not represent or guarantee the actual results of any transaction, and no representation is made that any transaction will, or is likely to, achieve results or profits similar to those shown. In addition, other financial metrics and calculations shown on the website (including amounts of principal and interest repaid) have not been independently verified or audited and may differ from the actual financial metrics and calculations for any investment, which are contained in the investors’ portfolios. Any investment information contained herein has been secured from sources that Yieldstreet believes are reliable, but we make no representations or warranties as to the accuracy of such information and accept no liability therefore.

Private placement investments are NOT bank deposits (and thus NOT insured by the FDIC or by any other federal governmental agency), are NOT guaranteed by Yieldstreet or any other party, and MAY lose value. Neither the Securities and Exchange Commission nor any federal or state securities commission or regulatory authority has recommended or approved any investment or the accuracy or completeness of any of the information or materials provided by or through the website. Investors must be able to afford the loss of their entire investment.

Investments in private placements are speculative and involve a high degree of risk and those investors who cannot afford to lose their entire investment should not invest. Additionally, investors may receive illiquid and/or restricted securities that may be subject to holding period requirements and/or liquidity concerns. Investments in private placements are highly illiquid and those investors who cannot hold an investment for the long term (at least 5-7 years) should not invest.

Alternative investments should only be part of your overall investment portfolio. Further, the alternative investment portion of your portfolio should include a balanced portfolio of different alternative investments.

Articles or information from third-party media outside of this domain may discuss Yieldstreet or relate to information contained herein, but Yieldstreet does not approve and is not responsible for such content. Hyperlinks to third-party sites, or reproduction of third-party articles, do not constitute an approval or endorsement by Yieldstreet of the linked or reproduced content.

Investing in securities (the "Securities") listed on Yieldstreet™ pose risks, including but not limited to credit risk, interest rate risk, and the risk of losing some or all of the money you invest. Before investing you should: (1) conduct your own investigation and analysis; (2) carefully consider the investment and all related charges, expenses, uncertainties and risks, including all uncertainties and risks described in offering materials; and (3) consult with your own investment, tax, financial and legal advisors. Such Securities are only suitable for accredited investors who understand and are willing and able to accept the high risks associated with private investments.

Investing in private placements requires long-term commitments, the ability to afford to lose the entire investment, and low liquidity needs. This website provides preliminary and general information about the Securities and is intended for initial reference purposes only. It does not summarize or compile all the applicable information. This website does not constitute an offer to sell or buy any securities. No offer or sale of any Securities will occur without the delivery of confidential offering materials and related documents. This information contained herein is qualified by and subject to more detailed information in the applicable offering materials. Yieldstreet™ is not registered as a broker-dealer. Yieldstreet™ does not make any representation or warranty to any prospective investor regarding the legality of an investment in any Yieldstreet Securities.

Banking services are provided by Evolve Bank & Trust, Member FDIC.

Investment advisory services are only provided to clients of YieldStreet Management, LLC, an investment advisor registered with the Securities and Exchange Commission, pursuant to a written advisory agreement.

Our site uses a third party service to match browser cookies to your mailing address. We then use another company to send special offers through the mail on our behalf. Our company never receives or stores any of this information and our third parties do not provide or sell this information to any other company or service.

Read full disclosure

Privacy PolicyData Security

Website Data Collection Preferences

AccessibilityTerms of UseForm ADV Disclosure BrochureForm CRS

Securing A Fintech Organization

Related Content

Retirement investing on Yieldstreet is now powered by Equity Trust

Getting started with Yieldstreet for Equity Trust clients

Yieldstreet just got easier to navigate