Security

Testing our systems

We recognise that security testing is an important part of protecting our client’s privacy. Our software development process includes automated testing based on the widely recognised OWASP standard and also scripted testing by professional software testers.

Encryption of data

All communication between our servers and your computer is encrypted using SSL encryption which can be verified by the presence of a closed lock icon in the address bar of your browser. Moreover, our extended validation SSL certificate indicated by the name “SME Capital” appearing in the address bar to the left of the website address carries the assurance that the certificate authority performed additional identity checks before issuing the certificate.

Server protection

Our servers are protected by firewalls which restrict all but the necessary communication to and from our systems. Security patches are regularly and automatically applied to our underlying operating system and installed software.

Authentication

All access to private data is subject to being logged in with a username and password set by you. Your password is stored in an encrypted format on our servers and SME Capital enforces a strong password policy to reduce the chances of your password being guessed by a third party. Additionally, the use of two-factor authentication for sensitive operations such as setting and changing passwords offers further protection from account hijacking.

Session time-outs

Logged in sessions are automatically terminated after a certain period of activity to avoid your account being accessed without your knowledge.

Company details

The SME Services & Holdings Limited group of companies, trading as SME Capital™

5th Floor, 101 Wigmore street, London W1U 1QU

Registered in England and Wales under company no.: 12579992.