We're serious about security.
At Neat, we are committed to ensuring the security of our customers’ data through a proactive “Defense in Depth” concept, in which multiple layers of security controls are placed throughout our information technology system.
This approach is to defend our system against any particular attack using several independent methods.
We align ourselves with the strictest security measures to guarantee the greatest security in the protection and privacy of our data.
Neat is PCI DSS (Payment Card Industry Data Security Standard) compliant by implementing cybersecurity controls and business practices that demonstrates we meet the industry security standards to secure our customer card data.
This standard outlines a set of strict requirements set by the payment card industry and is designed to ensure that organizations which process, store or transmit credit card data maintain a highly secure environment, and uphold the highest data security and privacy standards. Neat is certified a Level 1 which is the highest level of certification.
All our data is encrypted in transit via industry best practices using Transport Layer Security (TLS) minimum version 1.2, and encrypted at rest across our infrastructure using minimum SHA-256. Furthermore, all credentials are salted, hashed and stored as such in the Database
To enforce data security, role-based access control (RBAC) is implemented to restrict system access to authorized users.
At Neat, our applications are developed with security in mind. All code is peer-reviewed and checked for potential threats and vulnerabilities including the OWASP Top 10 web and mobile security risks.
We use security testing to examine the code to find software flaws and weaknesses, and also to examine our application to find vulnerabilities that an attacker could exploit.
In addition to complexity password rules and encrypted data in transit, we have implemented 2 Factor Authentication (2FA), which is an extra layer of security used to make sure that customers trying to gain access to our website and application are who they say they are.
At Neat we are performing penetration testing on an annual basis at both the application and infrastructure by third party independent companies, and we are running weekly automated vulnerabilities scanning to identify known vulnerabilities.
In addition, we use suspicious user behavior monitoring technologies to identify account takeover attacks, brute force attacks or a phishing scam. For any high risk scoring case, we are blocking access and forcing a password reset.
Our infrastructure is hosted on Amazon Web Services (AWS). They provide strong security capabilities and services to protect our service.
For more information about their security practices, see here.
All our employees undergo thorough extensive background checks and are required to attend information security awareness training. Tailored security training is provided to staff who are handling sensitive data. We also launched various campaigns to improve employee security awareness.
All employees must sign and follow all our internal security policies and procedures.
Please contact our Customer Service team immediately if you think your account has been compromised or you have any concerns on security or privacy issues.
Alternatively, if you have any questions or want to learn more about security at Neat, you can find more information in our Neat Business FAQ.
Your money is in safe hands!
Your funds are held in segregated bank accounts at licensed banks. Depending on the type of currency wallet you sign up for, your funds will be stored in Hong Kong or the U.K., in accordance with a robust safeguarding policy. This means that even if something happens to Neat, your funds are safe.
Money Service Operator regulated by the Customs and Excise Department (licence number:19-06-02796)
Trust or Company Service Provider licenced by the Companies Registry (licence number:TC006452)
Money Lender’s Licenceregulated by the Registrar of Money Lenders (licence number: No. 0464/2020)
Neat Global Limited🇬🇧
An agent (licence number: 902145) of PayrNet Limited.
Payrnet Limited (licence number: 900594) is a E-money Institution authorised by the Financial Conduct Authority in the United Kingdom.