Security and privacy are our priorities.
QuickFi encrypts data at rest and in transit for all of our customers. For PII and highly sensitive data requiring the highest levels of protection, access is restricted to specific employees or departments, and these records can only be passed to others with approval from the data owner, or a company executive.
QuickFi regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, API’s and the deployed environment.
Internal access to systems requires multifactor authentication and users of the QuickFi mobile app are required to use multifactor authentication as well as an enhanced ID verification process.
QuickFi uses Multi-Factor Authentication (MFA) as an additional layer of authentication beyond usernames and passwords for all critical internal systems. This helps prevent unauthorized users from gaining access to your data.
QuickFi uses Salesforce and Microsoft Azure’s Platform as a Service (PaaS) offerings to provide our services. This means that Salesforce and Microsoft are responsible for the patching and maintenance of the operating systems, in addition to the physical data centers and network security.
Salesforce and Microsoft undergo regular independent verification of security, compliance and controls against both ISO27001 and SOC2 standards.
In addition, we deploy our application using containers run on AWS managed services, meaning we typically do not manage servers or EC2 instances in production.
Robust monitoring, risk alerts, and a 24/7 on-call team helps QuickFi quickly respond and resolve adverse events. This is a key component of QuickFi’s information security program.
QuickFi’s onboarding process involves comprehensive interviewing of candidates, background screening, and a structured onboarding period. Exiting employees have their access to QuickFi’s systems terminated within one business day.
All QuickFi employees undergo security training when they start with us, and then at least annually thereafter. We also conduct regular in-house phishing campaigns and ad hoc training.
Collaborating for a safe digital financial ecosystem
As the infrastructure connecting our B2B embedded lending services to financial institutions and global manufacturers, we take our role seriously. We share our security practices, learnings, and technologies with partners, app developers, and financial institutions to make sure we are working toward a more secure digital financial system together.