Security Castlight

Security in a Safer Financial World

Former national rugby referee, past president of The Scottish Rugby Union and Bill Clinton look-alike (see our Meet the Team page), Ed Crozier is also a highly experienced director on the Castlight board. One of the things we particularly value about Ed’s contribution to our team is his expertise in governance and regulation and his commitment to ensuring that everything we do, we do with integrity and thoroughness.

Our corporate strapline reminds us daily that every product we develop must ultimately help us build “a safer financial world”. Ed joined our board because he wanted to help us do this. And Ed reminds us regularly of his firm belief that “if our Affordability Passport® had been available prior to the financial crash of 2007-08 it could have stopped in its tracks the mis-selling of mortgages and sub-prime loans.”

This is important stuff and we continue to ensure day by day that we hard-wire safety and security into the DNA of every piece of fintech we build.

How do we Ensure Security?

Our Affordability Passport® is a good example of how we have taken extra steps to ensure that our product is safe in a world where sensible people take cyber security very seriously indeed.

The Affordability Passport® is effectively a tool developed for lenders, so that you can be fully equipped to make a lending decision in 10 minutes and, for most customers, offer them a mortgage in the time it takes them to drink a coffee. And the way we do this is to allow your customers to share their transactional data from their bank accounts in real time, providing you with a comprehensive, categorised picture of their income, financial commitments and expenditure.

Your customers trust you to look after them in a fast-changing world of financial technology. When you advise them that they need to log in with their bank details to use Castlight’s Affordability Passport®, they need to know that this is more secure than logging in on an internet browser to do their normal online banking.

What Steps have we Taken?

So, what have we done to ratchet up security as far as it will go?

  1. We have created a strategic partnership with Equifax, the largest credit reference agency in the world, and have gone through Equifax’s due diligence process. Equifax has 820 million users globally, so we benefit from a due diligence status that is robust enough for a global giant.
  2. We have waited until 2 million users in the UK and 58 million users worldwide have used the bank log-in process we selected before tailoring it for our Affordability Passport®.
  3. The Castlight platform for our Affordability Passport® is operated by an FCA regulated company.
  4. We use a bank log-in process that uses 256-bit encryption. The better browsers people might use at home to log into their online bank accounts connect at 128-bit encryption.
  5. We have deliberately chosen to disable an available function to store customer log-in details. Instead, as soon as our software has accessed and categorised a customer’s transactional data from their bank account, the log-in details are automatically deleted.
  6. And as soon as a customer’s data has been processed, their personal information is also deleted from our system and cannot be used again. We have even chosen not to retain an email address, so any customers wanting to be on our mailing list will need to contact us directly.
  7. And of course, our software has read-only access to customers’ data. There is no way that Castlight can alter data or transfer funds.

We are proud to be in the business of creating financial products that will help ensure that people can afford their mortgages and avoid the often catastrophic consequences of over-extending. But we’re also proud of the way in which the platform we have built to deliver our products is also helping to create “a safer financial world”.