Testing our systems
We recognise that security testing is an important part of protecting our client’s privacy. Our software development process includes automated testing based on the widely recognised OWASP standard and also scripted testing by professional software testers.
Encryption of data
All communication between our servers and your computer is encrypted using SSL encryption which can be verified by the presence of a closed lock icon in the address bar of your browser. Moreover, our extended validation SSL certificate indicated by the name “SME Capital” appearing in the address bar to the left of the website address carries the assurance that the certificate authority performed additional identity checks before issuing the certificate.
Our servers are protected by firewalls which restrict all but the necessary communication to and from our systems. Security patches are regularly and automatically applied to our underlying operating system and installed software.
All access to private data is subject to being logged in with a username and password set by you. Your password is stored in an encrypted format on our servers and SME Capital enforces a strong password policy to reduce the chances of your password being guessed by a third party. Additionally, the use of two-factor authentication for sensitive operations such as setting and changing passwords offers further protection from account hijacking.
Logged in sessions are automatically terminated after a certain period of activity to avoid your account being accessed without your knowledge.