Protecting the financial and personal data of the businesses we work with is a core operational responsibility, not an afterthought. Here is a plain overview of the measures we have in place.
Technical controls
- Encryption in transit: All data exchanged between your browser or app and our servers is encrypted using TLS. We do not support legacy protocol versions.
- Encryption at rest: Sensitive data stored on our infrastructure is encrypted at the database and file-system level.
- Access controls: Staff access to production data is role-based and logged. Only staff with a legitimate operational need can view account-level records.
- Multi-factor authentication: Portal accounts and internal administrative systems require MFA.
Organisational controls
- Regular internal and third-party security testing, including penetration testing
- Staff data-protection training and clear acceptable-use policies
- Vendor due diligence: all third-party processors are vetted and contracted under data-processing agreements
- An incident-response plan covering containment, notification, and remediation
What to do if you suspect a breach
If you believe your portal account has been compromised — for example, you see unexpected activity or receive login alerts you did not trigger — contact us immediately at security@credicorp.co.uk. We treat all such reports seriously and will act quickly to secure the account.
We lend only to UK limited companies and LLPs, and the loan is to the company with no director personal guarantee. As business finance outside the consumer-credit regime, it is not covered by the Financial Ombudsman Service or FSCS.
See also: Who Credicorp shares your business data with, What data Credicorp collects from your business.