System security
Bank grade security
Truss partners with Thread Bank to ensure security and compliance. Our system integrates with the same secure systems they use, ensuring bank-grade security for your transactions every step of the way.
Trusted providers
The Truss infrastructure is hosted with GCP (Google Cloud Platform), one of the leading hosting providers in the world. Their services are certified with ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and SOC 1/2/3.
Separation of duties
In accordance with industry best practices, we strictly separate cloud environments for development and production servers. To avoid security or privacy incidents and errors, we apply distinct security guidelines for each environment and allow only the minimum access to data that the requesting entity needs.
Access to data
All customer data is treated as equally sensitive and kept under stringent control. Access to customer data is highly restricted and only granted when absolutely necessary and in accordance with our compliance requirements. Only authorized employees within Truss have access to customer data.
In-house support
Our internal team of experts is there for you to quickly resolve issues and questions whenever needed.
Application security
Encryption
All data sent between our customers and our applications is encrypted in transit and at rest to protect it from unauthorized disclosure or modification. We use 256-bit SSL encrypted payments, the same standards adopted by governments and financial institutions.
NSF prevention
When you use our online bank login feature, we validate whether your counterpart has enough funds in their account before performing a transaction, so you don't have to deal with NSFs.
Secure bank connections
Truss uses Plaid to connect securely with your bank account. Plaid is compliant with well-known, internationally recognized security standards like ISO 27001, ISO 27701, and SSAE18 SOC 2. To find out more, visit the Plaid website.
Two-factor authentication
We double up on security by protecting your Truss account with two-factor authentication (2FA). Two-factor authentication protects your account from a potential compromise by requiring two methods to verify your identity.
Fraud detection
Truss' advanced fraud detection algorithms keep funds safe from bad actors at all times.
Compliance standards
SOC 1 and SOC 2 audited
The audit was conducted by Dansa D’Arata Soucia LLP (www.darata.com). In doing so, Truss maintains its adherence to one of the most stringent, industry-accepted auditing standards for service companies and provides additional assurance to its clients, through an independent auditor, that its business process, information technology and risk management controls are properly designed. Learn more at www.aicpa.org/soc4so.
Direct bank-to-bank transfers
All transactions are processed via direct debit/direct credit payments. These are considered electronic funds transfers (EFT) through the ACH (Automated Clearing House) system. The ACH is a centralized architecture that connects banks.