Security is at the heart of everything we do and build at Yieldstreet. Our security leadership brings over 20 years of experience in Fintech, digital financial platforms and regulated industries. We care deeply about your security, and go the extra mile to protect the data and privacy of our users and the safety of their portfolios and transactions.
Website hacks, data compromises, and commerce on the dark web are a matter of daily news, and a security breach in one place can leave your accounts at other, unrelated places vulnerable and open to compromise. We therefore also do our best to educate our users on best practices to follow to protect their data, both at Yieldstreet and on other digital platforms.
Read on to learn more about how we approach platform security at Yieldstreet.
The Yieldstreet platform is architected from the ground up with a central focus on security. We follow top industry standards and guidelines for all aspects of the platform, spanning secure coding, data encryption and privacy management, segmented and containerized cloud infrastructure, advanced perimeter security and fine-grained access control. In addition, we integrate with a set of vendors for specific security purposes like Two-Factor Authentication, account level security, continuous monitoring and many others, providing bank-grade security for the protection of our users and their data.
Account and portfolio security
Application security at Yieldstreet starts from secure coding practices, enforced via both process and automated controls. We follow OWASP guidelines for secure application development, for both frontend and backend systems. Our continuous delivery pipeline ensures all code commits are auto-scanned for insecure code. The platform also deploys a set of security features to ensure the account-level security of our end users:
Two-Factor Authentication (2FA) is a mandatory requirement for all users.
Account-level security controls incorporate heuristic and AI-based controls for detection and prevention of account takeovers, including (but not limited to) auto-lockouts on repeated login failures and detection of access pattern violations and suspicious logins.
Transaction-level security is implemented at multiple levels via risk scoring algorithms that combine heuristic rules with pattern recognition algorithms to detect and escalate potential fraud.
Data security and privacy
Data is the most valuable and sensitive commodity for any enterprise, and at Yieldstreet we are resolutely committed to the privacy, security and loss protection of this commodity, both Yieldstreet’s enterprise data and our users’ private data. As stewards of the data provided to us by our users, we employ a variety of systems and controls to help ensure the privacy and security of this data:
More information on Yieldstreet’s privacy policies can be found here.
Infrastructure security
Yieldstreet’s systems are hosted in Amazon’s AWS cloud infrastructure, across multiple regions and availability zones to provide redundancy. AWS is an industry-leading SOC 2, ISO 27001, and FedRAMP certified secure cloud infrastructure provider, offering a wide range of functionality and features for securing and monitoring an enterprise’s cloud infrastructure. We leverage all of these technologies provided by AWS for securing our infrastructure, and have developed a sophisticated containerized physical architecture with security as a core driving concern.
Some highlights of this architecture:
To ensure we keep the platform secure at all times, we perform annual third-party audits of our applications, networks and infrastructure. In addition, our vendor management policy requires all vendors that handle secure user data to provide reports of their annual security audits.
Assurance
Yieldstreet has a SOC 2 Type 2 report from the American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC). SOC reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. Our SOC 2 reports cover controls around all five trust services criteria (TSC): security, availability, processing integrity, confidentiality and privacy of customer data.