finway fulfils the requirements of the GoBD and enables finance teams to comply with specific requirements of the German tax authorities for the proper management and storage of digital records and documents. The immutability of data, a principle of the GoBD, is ensured, for example, by the fact that documents can no longer be changed after the accounting audit and can be archived in an audit-proof manner at any time. In addition, all changes are automatically recorded and documented in finway so that they can be traced at any time.
We take the protection of personal data seriously. At finway, we attach great importance to the security of the personal data entrusted to us and process all personal data in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). We are committed to taking all necessary precautions to ensure the security and protection of your data and to protect ourselves from any incidents.
We have various technical and organisational measures in place to protect your data and your money. Our databases are ‘at-rest’ encrypted and data is backed up every day with high security standards to guarantee its availability.
Our virtual card system is provided by weavr (Paystratus Group Ltd, ISO 27001 certified) and offers the highest level of security by encrypting all data, both in transit and in the background. Industry-leading encryption standards such as AES-256-GCM are used. Weavr fulfils the strict requirements of PCI DSS v4 for Level 1 service providers and carries out regular audits to identify and rectify potential vulnerabilities at an early stage.
The databases and servers are hosted and maintained by AWS (Amazon Web Services) and comply ISO/IEC 27001:2002. Our data storage takes place on an AWS server in Frankfurt am Main, backups are made in Paris (France). All data is secured by state-of-the-art encryption technologies.
finway is regularly tested for security vulnerabilities using so-called penetration tests. This involves IT experts attempting to infiltrate the system like hackers in order to find potential vulnerabilities. This enables us to rectify these at an early stage and ensure that your data and transactions are optimally protected.
Secure by design – we integrate security into finway.
You can control the authorisation and authentication of your employees’ access to finway with Google Single Sign-On and the Microsoft Entra ID.
Our platform supports two-factor authentication (2FA) and requires a second proof of identity to verify transactions and account activity.
Our virtual card system conforms to PSD2 rules, ensuring customer authentication. With 3DS it protects against unauthorised access.
We have summarised the most frequently asked questions and answers on the subject of security at finway.
How does finway ensure that subcontractors employed in an unsafe third country comply with the European level of data protection?
Standard contractual clauses have been concluded and TIAs drawn up with all subcontractors based in unsafe third countries. These can be provided on request. In addition, all hosting was relocated to Germany for all subcontractors from an unsafe third country, as far as this was technically possible, in order to increase the security standard.
Which security measures have been implemented to ensure that virtual cards are safe and secure?
Our virtual card system is provided by weavr (Paystratus Group Ltd, ISO 27001 certified). Data is encrypted both in the background and during transmission. To protect sensitive information, all cardholder data is encrypted in the background using industry-leading encryption protocols – AES-256-GCM and appropriate padding mechanisms.
Is it possible to make contactless payments with finway company cards?
Yes, you can add both physical and virtual finway company cards to your Apple Pay or Google Pay digital wallets. This means that their security standards apply to contactless payment.
We will be happy to find that out in a meeting with you. A few points for orientation – finway is suitable for companies that:
Does this sound like you? Then schedule a free demo now! Our experts will guide you through finway in 30-45 minutes and work out the potential for your company with you.
