Skip to main content
Holdings
Security & Compliance

Security and compliance at Holdings

We use the same security infrastructure trusted by the world's largest financial institutions, with multiple layers of protection for your organization.

How We Protect Your Data

Enterprise-grade security at every layer

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption—the same standard used by banks and government agencies.

Enterprise Firewalls

Multi-layered firewall protection with intrusion detection systems monitor and block malicious traffic before it reaches our systems.

Strict Access Controls

Role-based access ensures employees only see data necessary for their job. All access is logged and regularly audited.

24/7 Monitoring

Our security operations center monitors for threats around the clock, with automated alerts for any suspicious activity.

Regular Penetration Testing

Independent security firms conduct quarterly penetration tests to identify and fix vulnerabilities before they can be exploited.

Secure Infrastructure

Our systems run on SOC 1 certified cloud infrastructure with redundant backups and disaster recovery capabilities.

SOC 1 Type II Certified

Annual third-party audits

Independent auditors verify our security practices annually. A SOC 1 Type II report means a qualified third party has examined our controls over an extended period and confirmed they meet rigorous standards.

This audit covers everything from how we handle your data to how we manage access to our systems—giving you confidence that your financial information is in safe hands.

FDIC-Insured Banking

Through i3 Bank, Member FDIC

Your deposits are held at i3 Bank, a Member FDIC institution. Through our network of program banks, deposits are insured up to $3 million—12 times the standard FDIC limit.

Learn more about i3 Bank
Two-Factor Authentication

Extra protection for your account

We support two-factor authentication (2FA) to add an extra layer of security to your account. Even if someone obtains your password, they won't be able to access your account without the second factor.

  • Authenticator apps (Google Authenticator, Authy, etc.)
  • SMS verification codes
  • Biometric login on mobile (Face ID, Touch ID)
Enable 2FA in Settings

How to enable 2FA

  1. 1Log in to your Holdings dashboard
  2. 2Go to Settings, then Security
  3. 3Click "Enable Two-Factor Authentication"
  4. 4Scan the QR code with your authenticator app
  5. 5Save your backup codes in a secure location

Our Commitment

In the unlikely event of a security incident affecting your data:

  • We notify affected users within 48 hours
  • We work with regulators and law enforcement as required
  • We provide clear guidance on steps you should take
  • We offer identity protection services if personal data is involved
Incident Response

Security Incident Response Policy

While we work hard to prevent security incidents, we also have a comprehensive response plan in place. Transparency and swift action are our priorities.

Our dedicated security team continuously monitors for threats and has documented procedures to contain, investigate, and remediate any incidents that may occur.

Data Residency

Where Your Data Lives

Your data is stored in Amazon Web Services (AWS) data centers located in the United States. These facilities feature:

Physical Security

24/7 guards, biometric access, video surveillance

Redundancy

Multiple availability zones for high availability

Compliance

SOC 1/2/3, PCI DSS, ISO 27001 certified

Backups

Automated daily backups with point-in-time recovery

Your money is protected

Beyond data security, we protect your deposits with comprehensive FDIC insurance and fraud protection measures.

  • FDIC insured deposits up to $3 million through our program banks*
  • Zero liability for unauthorized transactions
  • Instant card freezing from the mobile app
  • Automatic fraud detection and alerts
  • Secure data centers with physical access controls
  • Regular penetration testing by third-party firms

i3 Bank

Our Banking Partner

Holdings partners with i3 Bank to provide secure, FDIC-insured banking services. i3 Bank is a Member FDIC institution with decades of experience in banking infrastructure.

Member FDIC

Questions about security?

Our security team is happy to answer any questions about how we protect your data and money.

Get StartedContact Security Team

Holdings is a financial technology company and is not a bank. Banking services are provided by i3 Bank, Member FDIC. The Holdings Visa Debit Card is issued by i3 Bank pursuant to a license from Visa U.S.A. Inc. and may be used anywhere Visa cards are accepted.