Data security is part of everything we do at Bond. It has to be.
Bond's environment is designed for more than compliance - it's designed to keep data safe using the highest security certifications such as SOC2 and PCI.
Certifications
Bond leads the industry in our security standards and undergoes regular external review and auditing.
SOC2
Bond undergoes an annual SOC2 assessment that validates the design and operating effectiveness of our security program. We regularly review the compliance of our critical vendors and a copy of our latest SOC2 report is available upon request and under NDA.
PCI-DSS
Bond security controls for data protection meet or exceed the Payment Card Industry Data Security Standard (PCI-DSS). While Bond does not process transactions, we do handle credit card data directly on behalf of our brands as part of our platform. Bond is committed to the PCI-DSS to ensure that consumer credit card data is protected while in our care. A copy of our latest PCI attestation of compliance (AoC) is available upon request and under NDA.
Secure platform
Our platform is designed for security from the ground up
Security policy
Bond’s full-stack platform combines modern APIs and SDKs, enterprise-grade infrastructure, and a full-featured sandbox so you can start transacting now.
Standards Compliance
Bond independently complies with all requirements from relevant security standards
Secure Cloud
Bond operates in an Amazon AWS VPC (virtual private cloud) and benefits from all of AWS security controls
Security and Privacy by Design
Bond’s platform is designed according to security and privacy principles at all times. Our control environment includes: full structured and unstructured data tracking across all data stores, secure vaulting of sensitive data, comprehensive security testing and event monitoring, least-privilege access, and much more
Shared Responsibility Model
Bond offers a highly secure platform and customers are required use the platform in a secure manner, too. Bond customers should share only the data that is needed and must comply with the terms of service. Business partners are required to adhere to strict banking standards
Data security
Data is structured, monitored, and controlled within Bond to meet or surpass the highest security standards
Vaulting
Sensitive data elements are confined to a single secure data vault. Platform components use tokenized data instead to perform all functions, ensuring that even if a data store is compromised, there is no risk to underlying sensitive customer data
Encryption
Data in Bond is always encrypted at rest and in transit using strong cryptography
24x7x365 SOC
Bond employs a real-time, around-the-clock security operations center to implement eyes-on-glass monitoring of security events across the entire platform
RBAC
Bond implements a least-privilege need-to-know role-based access control system across its entire platform. Only authorized staff can access sensitive data and only when needed to perform job duties
Customer and Data Segregation
Bond customer data is always segregated within the platform and there is no commingling of data
Strict Data Usage
Bond never uses customer data for our own purposes, except as necessary to provide services to our customers
.png)
Generate 2x the interchange of a debit card by offering your customers a credit builder card.
Retain customers and grow your user base
In the news
How a corporate lawyer and a finance guy ditched the rat race to build a 750 million barbershop app
‘It all goes back to creating access’: A day in the life of Roy Ng, co-founder and CEO of Bond
Fintech founder predicts the biggest 4 banks will be worth ‘less than $100 billion’ in 5 years