Brankas Support



Brankas is an Open Finance provider. We enable businesses to connect to financial institutions easily. Brankas aggregates APIs from financial institutions to enable payment initiation services, account information services, and other financial use cases via a single API. Businesses can then use Brankas APIs to build their own financial services and products.

This page provides an overview of our security program to enable the scoping of diverse third-party risk assessments.

You need to make a request to open access to private documents or other documents not listed here; and make sure that third parties have approved our NDA before granting access to Brankas private documents.


arrow Scope
arrow Scope


arrow Request Access
  • Product and Application Security

    We identify security, contractual, and regulatory requirements for customer access contractually prior to granting customers access to data, assets, and information systems.

  • Data Security

    Data at-rest is protected using using AES-256. All access potentially touching these requires authentication.

  • Identity and Access Management

    We implement access control based on the principles of “least-privilege” and “need-to-know”. There is a separation of duties for granting access and approving access to systems and data.

  • Change Control & Configuration Management

    We have controls in place to restrict and monitor the installation/ changes onto our systems. Same with secure SDLC principle, we mandatory to validate the changes and requires a proper testing, prior to release it to the production.

  • Network Security

    System and network environments protected by firewall to ensure business and customer security requirements

  • Data Center Security

    We utilize Google Cloud Platform (GCP) to host our services and data. GCP demonstrates satisfies requirements for a comprehensive set of industry-leading security, third-party audits and certifications. GCP has a suite of compliance certificates for their data centers, include ISO 27001 - 27017 - 27018 - 27701 - 9001, SOC 1-2-3, PCI DSS, and CSA STAR SOC2+ certified.

  • Corporate Security

    We have documented information security policies, as well as risk management policy and procedure. We made it available to all impacted personnel and business partners, authorized by accountable business role/function and supported by the information security management program as per ISO 27001 standard.

If you can’t find what you need or need further assistance, contact us.