Security at Wolfia

Your security and trust is our top priority. We’re committed to safeguarding your financial institution’s data with rigorous compliance controls and robust encryption methods. Here’s how we’ve designed Wolfia to meet these standards.

Last updated: December 29, 2023

1. Encryption in Transit

All data exchanges between your institution and Wolfia are HTTPS-encrypted. For API interactions, we use OAuth 2.0 for secure authorization and JSON Web Tokens (JWT) for secure data transfer. We also implement rate limiting, DDoS mitigation strategies, and a Web Application Firewall (WAF) to prevent abuse and malicious attacks. Data is transmitted over a TLS 1.3 encrypted connection, employing AES-GCM encryption for enhanced data integrity and confidentiality.

2. Encryption at Rest

Wolfia's data storage is robust and secure. Our databases and S3 buckets on AWS are encrypted using AES-256 encryption. Key management is handled through Amazon's Key Management System to ensure that your stored data remains inaccessible to unauthorized users.

3. Data Safety

Our AI algorithms are designed to process only the essential data attributes and adhere to data minimization principles. Only the necessary data attributes are used for analysis, and the raw data is never exposed to external systems. This maintains an extra layer of data safety without compromising AI-driven insights. Moreover, we ensure that the AI models we use are secure, accurate, and unbiased.

4. Access Control

Wolfia has a robust access control framework, leveraging role-based permissions to ensure employees only have access to the information necessary for their specific job functions. Every access is logged, time-stamped, and audited regularly, creating a strong accountability trail that enhances internal security measures. Access logs are secured using HMAC-based integrity verification to ensure that the logs have not been tampered with.

5. Amazon Web Services

Wolfia proactively monitors and improves financial crime compliance controls. Our system runs on AWS cloud infrastructure, ensuring optimal availability and resilience. Real-time monitoring alerts you instantly if issues arise. In addition to our own robust security measures, AWS provides an extra layer of protection with its own stringent security protocols and recurring compliance assessments.

6. Network Security

Our network architecture employs multiple layers of security controls, including firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS). We also utilize Security Information and Event Management (SIEM) tools to continuously monitor the network, ensuring resilience against various types of attacks.

7. Endpoint Security

All endpoints, including those used by employees, are secured using disk encryption (FileVault), DNS filtering, and Endpoint Detection & Response (EDR) solutions. This comprehensive approach actively monitors for threats while also ensuring that data remains secure in case of device theft or loss.

8. Corporate Security

Wolfia’s corporate security strategy includes ongoing training programs that keep our team updated on the latest security best practices. We also have a rapid incident response protocol in place, enabling us to act quickly and decisively in the event of a security breach.

9. Legal

We maintain rigorous legal safeguards, including structured data processing agreements. These legal frameworks lay out the mutual responsibilities concerning data protection and service delivery, providing clear guidelines that align with industry standards.

10. Risk Management and Security Controls

Our risk assessment framework includes regular evaluations of our AI algorithms for accuracy and bias mitigation, ensuring our predictions and analyses uphold the highest standards of integrity and reliability. We conduct periodic security audits and penetration tests to reinforce our defenses against emerging cyber threats. By proactively managing these risks, we aim to maintain the resilience and trustworthiness of our platform, providing our clients with a secure environment for their compliance and monitoring needs.

11. Incident Response Management

In the event of a security incident, Wolfia has established a robust incident response protocol to swiftly address and mitigate any potential impacts. Our dedicated security team is trained to manage incidents effectively, from identification to resolution, ensuring minimal disruption to our services. We maintain transparent communication with our partners during such events, providing timely updates and support. Additionally, we conduct post-incident reviews to learn and continually improve our security posture. Our commitment to prompt and efficient incident response is a testament to our dedication to safeguarding our clients’ data and maintaining their trust.

12. Customer Responsibilities

Wolfia partners with financial institutions and fintechs to provide cutting-edge fraud monitoring and testing. As our partner, your role is crucial in ensuring the effectiveness of our solutions. You are responsible for accurately providing data necessary for Wolfia’s analytics and ensuring the integrity of the data fed into our systems. Additionally, maintaining secure access to Wolfia’s platform, managing user permissions within your organization, and adhering to all relevant regulatory and compliance guidelines in your operations are essential. We count on you to report any anomalies or concerns in data processing or platform functionality immediately to facilitate prompt action.