Eftsure leverages the internationally recognised Yodlee solution for our Bank link Supplier Verification process. Yodlee is a global leader in data aggregation, data analytics and consumer-permissioned financial data sharing. Yodlee are also formally accredited for Open Banking by the Australian Competition & Consumer Commission (ACCC) to provide Consumer Data Rights (CDR) data (https://www.cdr.gov.au/find-a-provider?provider=ADRBNK000061).
The Bank link (verification tool) acts as a link between the user's web browser and the user issuing Bank through a number of security layers (where a 'SSL handshake' is completed through standard Public Private Key Infrastructure 'PKI' between the user's web browser and the Bank). This connection is similar to when the user connects directly to the Bank through internet routers or corporate firewalls.
At no time are the user's login credentials visible or stored since their data is encrypted using the Bank's encryption key as mentioned above so that ONLY the Bank can decrypt and see their login credentials.
The Supplier's login details are not disclosed to anyone at any time in the process nor can any intermediary party decrypt the encrypted data since the private key is held by the Bank. This ensures that no one can intercept the transmission, therein no manipulation or tampering of their data can occur. Making this process very secure and safe.
Eftsure has completed our supplier evaluation endorsement process, where per our ISO 27001:2022 standards, we have vetted the security posture of the Yodlee organisation and solution, including receiving their latest penetration test provided in Q2-2024 where there were no medium/high/critical issues. Yodlee are also certified to multiple security frameworks including SOC 2 Type 2, ISO 27001 and PCI-DSS. Eftsure has also performed our own, authorised penetration testing of the Yodlee solution through a CREST accredited, independent 3rd party security firm where there have been no medium/high/critical issues identified.