We have established this Trust Centre to provide our customers and partners with all the information they need to make an informed decision about Masthaven Bank as their service provider.

We pride ourselves on our GDPR-compliant operating procedures, which are reflected in the care and attention we take to protect our customers' data.

Our Infrastructure

  • We use secure data centres within the UK which are operated to ISO27001.
  • All critical services are hosted on resilient hardware and networks.
  • Our infrastructure is protected from external threats by multiple layers of firewall.
  • We make use of leading secure cloud providers and content distribution networks to host and protect our web services.
  • We enforce multi-factor authentication where appropriate when working on or offsite
  • We make sure our information is encrypted in transit and at rest where possible
  • Management access to infrastructure is tightly controlled and recorded

Disaster Recovery

  • We regularly back up all our information to guard against data loss
  • Backup data is stored securely and encrypted off site to minimise disruption in the event of any interruption
  • We perform regular Disaster Recovery tests
  • We employ a multi-line connection to our data centres to make sure that we have a correct failover process

Security Patching

  • Hardware is built according to leading industry standards and patched with the latest security updates.
  • Our hardware is externally tested by approved third parties
  • All systems are protected by endpoint Anti-Virus.
  • An ongoing vulnerability scanning and management program is in place.
  • We have deployed next generation artificial intelligence threat monitoring systems to monitor our network.
  • We commission regular independent third-party security assessments and penetration tests of our network and web applications.

Our People

  • New members of staff receive security awareness training as part of the induction process
  • We continue to carry out regular security awareness training for all our staff.
  • All Masthaven employees are subject to appropriate security screening.
  • Strict information security policies are in place which prevent staff from unauthorised access to data
  • We employ skilled information security and data privacy specialists to work with senior management and help the business keep abreast of evolving threats against the bank and its customers

Protecting your Data

  • All web pages are served over TLS/SSL.
  • Access to the Masthaven web services is through a secure web form login.
  • Passwords are hashed using a secure cryptographic algorithm.
  • We have deployed solutions to protect against brute force attacks.
  • All data is virus scanned when uploaded to the websites.
  • Our email systems use authentication and validation systems such as DKIM and DMARC.
  • Payment processes are fully PCI-DSS compliant.