Security

Last updated: 26 August 2025

At Tranz Digital Bank, security is not a feature — it's our foundation. We protect your money, your data, and your business with layered defenses, strong compliance, and continuous monitoring across our 30-country network. We are officially registered and licensed in the Comoros Islands, British Virgin Islands, and Dominica.

1. Defense-in-Depth

  • Encryption Everywhere: TLS 1.2+ in transit; AES-256 at rest.
  • Key Management: HSM-backed keys, strict rotation, and separation of duties.
  • Tokenization: Sensitive payment data is replaced with secure tokens; card PANs are never stored in application databases.
  • Zero-Trust Access: Least-privilege permissions, short-lived credentials, and continuous access reviews.
  • Secure SDLC: Threat modeling, code reviews, SAST/DAST, and supply-chain controls on every release.

2. Account & App Protection

  • Strong Authentication: Email/phone verification plus 2-Step Verification (2FA). Optional biometric sign-in on supported devices.
  • Session Security: Device binding, re-auth for sensitive actions, automatic logout on inactivity, and anti-phishing checks.
  • Real-Time Alerts: Instant notifications for logins, transfers, card usage, and changes to security settings.
  • Fraud Monitoring: Behavioral analytics and anomaly detection to flag suspicious activity.

3. Payments & Cards

  • Internal Transfers: Free, instant, and protected inside our 30-country network.
  • Strong Customer Authentication: 3-D Secure 2 where applicable for online card payments.
  • Risk Controls: Velocity limits, step-up verification, and dynamic transaction scoring.
  • Dispute Support: Clear workflows for chargebacks and buyer/seller protection on the Marketplace.

4. Marketplace Safety

  • Verified Sellers: Merchant KYB checks before listing.
  • Trust Tools: Ratings, order evidence, and secure in-app chat with abuse filters.
  • Resolution Center: Escrow/dispute workflows to protect both customers and merchants.
  • Promo Integrity: Promotions and free listings (for accounts opened before November 2025) are screened against abuse.

5. Compliance & Privacy

  • Regulatory Alignment: AML/CTF, sanctions screening, and ongoing monitoring.
  • Card & Payments: Controls aligned with PCI DSS requirements; card data handled via tokenization and vaults.
  • Data Protection: Data minimization, purpose limitation, and privacy by design.
  • Cross-Border Safeguards: Contractual safeguards and encryption for international data transfers within our network.

6. Business & API Security

  • Modern Auth: OAuth 2.0 / API keys, granular scopes, and optional IP allow-listing.
  • Integrity: Idempotency keys, replay protection, HMAC-signed webhooks with secret rotation.
  • Resilience: Rate limiting, WAF, circuit breakers, and graceful degradation under load.
  • Developer Hygiene: Separate sandbox, no real customer data in test environments.

7. Infrastructure & Operations

  • Hardened Cloud: Segmented VPCs, private subnets, and managed secrets.
  • Monitoring & Logging: Centralized logs, SIEM correlation, and 24/7 on-call response.
  • Backups & Continuity: Encrypted backups and tested disaster-recovery runbooks (RTO/RPO objectives available on request).
  • Third-Party Risk: Vendor due-diligence, contractual DPAs, and continuous performance checks.

8. Independent Testing & Assurance

  • Penetration Tests: Regular external and internal pen tests on apps, APIs, and infrastructure.
  • Vulnerability Management: CVE triage, patch SLAs, and emergency out-of-band fixes for critical issues.
  • Responsible Disclosure: We welcome security research and offer a disclosure channel (security@tranzdb.com). A PGP key is available on request.

9. Your Security Checklist (Shared Responsibility)

  • Enable 2-Step Verification and keep your device OS updated.
  • Use strong, unique passwords (or a password manager).
  • Verify payment recipients; be wary of unusual links or requests.
  • Contact us immediately if you suspect fraud or account compromise.

10. Incident Response

  • 24/7 Response: Dedicated team monitors and acts on threats around the clock.
  • Customer Notice: If your account is impacted, we notify you and provide guidance.
  • Regulatory Reporting: We meet all notification requirements under applicable laws.

Need Help or Want to Report a Security Issue?

Security Team: security@tranzdb.com

Support (24/7): support@tranzdb.com | +44 7577 382335

Tranz Digital Bank — Security you can trust. Freedom you can use.