Security is a top priority for us all at Bottlepay. Here is what we do to ensure the security of our services and your security as a user.

Multi-factor authentication

We use multi-factor authentication both when employees authenticate to our systems and as part of our consumer mobile application. This means:

  • We require you to verify your phone number and email address when you first log in to authorise and verify your phone.

  • After this is complete, you will need your PIN/password/biometric to log in (allowing you to pick whichever method you wish to protect your app).

  • To mount a successful attack, an attacker would need to know your Bottlepay registered email address and your password, and have access to your phone/SIM card.

Compliance procedures

As well as monitoring the security of our systems routinely, we also have rigorous compliance procedures to identify any instances of attempted fraud and to keep customers safe.

New login security feature

Logging out of your account or installing the app on a new device will require an identity check. This ensures that you and only you can access your account.


In the unlikely event of an incident which impacts the confidentiality, availability or integrity of any data, our incident response team will follow our incident response process. This helps define the severity of incidents, how they should be handled and investigated, and if/when we need to notify the ICO and customers about an information security incident.


Each new app update and feature is tested internally to catch and squash bugs before general release. We conduct regular security testing, both internally and with external companies, to ensure we are identifying all possible bugs.


We also understand that nothing is 100% secure. Our disclosure policy sets out how we respond to reports of any system vulnerabilities.

Tip: We would like to remind you that Bottlepay will never contact you asking you for your PIN or password.
