Is anyone using FinWise?

Halogen

Keen to know if anyone is using https://finwiseapp.io/. Seems like a paid 22Seven competitor, just not sure how secure it is. I know they say they use the same encryption as banks, but yeah. I found zero results on mybb for it.
 
Hey @Halogen - I am Jason, the CEO & Co-founder of FinWise :) Just came across this thread now.

If you'd like to learn more about our security, we have a page where we go into a little more detail with specifics about how our security works here: https://finwiseapp.io/security

Also, if you have any questions, I'd be happy to answer here or chat more over a Zoom call :)
 
Show us your last PCI-DSS audit result please.
 
Per forum rules, please register as a company rep.
 
From the website:
"As soon as we complete our audits, the audit and reports will be made available to the public on our website."

Better be careful, PASA will have something to say about that.

Their website does nothing more to touch upon the same stuff used by others; Xero, for example, also use Yodlee. But not a word about the internals, and whether it has stood up to a PCI-DSS audit, because I bet there's none.

Lots of these start-ups that have tried to woo me to come work for them have also had similar statements on their websites and in interviews with me.
 
> Show us your last PCI-DSS audit result please.

We have not yet done a PCI-DSS audit, but we are aiming to complete PCI/SOC2/ISO audits in the next couple of months. The main reason we have not done them yet is that they are very expensive and time-consuming, and we are still a relatively young startup.

Some more info on our PCI/PII though:
1. We do not handle, process or store any credit card or payment information whatsoever; it is all managed by our billing provider, Stripe. The only billing-related information we store is a Stripe subscription ID, and whether the subscription is active or not.
2. The only personally identifiable information we store is first name, last name and email addresses, and it's just for email/contact purposes, and people are welcome to use anonymous info for this of course. Yodlee/Plaid can _optionally_ pull in account numbers when they are used to connect to banks, but this option is disabled by default.

Otherwise, between myself and my co-founder, we've worked at companies like Allan Gray, Root, Jumo, and OfferZen where we have gotten exposure designing and building secure, compliant and robust systems.

During my time at Root for instance, I helped the team complete their SOC2 audits, and I was responsible for integrations between Root and many other banks, insurers, retail companies and billing providers like Sanlam, Standard Bank, PeachPayments, Mr Price, and to some extent EasyEquities and Investec. So I have experience building secure and compliant systems, and handling extremely sensitive customer information like bank accounts, credit cards, addresses and other personal information like health records, insurance claims, etc. from my ~2.5 years at Root.

But otherwise, like we mention on our website, we aim to make our audits available as soon as they are completed, and we also aim to make FinWise completely open source (with full git history) once we reach critical mass to help build trust and prove security/compliance.

Happy to answer any questions :)
 
Bingo:
> We have not yet done a PCI-DSS audit, but we are aiming to complete PCI/SOC2/ISO audits in the next couple of months. The main reason we have not done them yet is that they are very expensive and time-consuming, and we are still a relatively young startup

Here's some good advice. Get it done before you launch/create a platform. You'll thank me later when the regulatory bodies come sniffing about. I do think you are in for trouble, you should have known about this beforehand.
 
Now we need to subscribe to financial budgeting like we subscribe to Netflix.
Oh how I miss Microsoft Money!

I'll stick to Excel and AI.
 
> Bingo:
>
> Here's some good advice. Get it done before you launch/create a platform. You'll thank me later when the regulatory bodies come sniffing about. I do think you are in for trouble, you should have known about this beforehand.

Thank you for your input.

I'm not sure why you've jumped to the conclusion that I don't know about these things. We've already completed numerous due-diligence reports and requirements for being able to integrate with our data providers (Yodlee and Plaid) in the first place, and we've been in communication with regulatory agencies in both South Africa and the US as part of becoming fully compliant in these countries.

We're also in talks with various banks in South Africa in order to directly integrate with them using OAuth, and so will likely soon be doing more due-diligence and compliance work in order to integrate with these banks. Our audits and reports will likely come as part of these integrations, and like we mention on the website, will then be publicly available on our website (as much as can be).

I do think your skepticism and concern are warranted, and I'd encourage it given the nature of our product, but like I said, we aim to build trust with transparency and by building up a good track-record over time. We have to start somewhere :)
 
> Now we need to subscribe to financial budgeting like we subscribe to Netflix.
> Oh how I miss Microsoft Money!
>
> I'll stick to Excel and AI.

Our biggest costs are our data providers, just being able to fetch transactions over an API basically. We'll likely introduce a free option for manual CSV/statement imports in the future :)
 
Hi Jason, I completely forgot about this thread. Have actually been using you for months since the thread was posted.
 
Yeah so used it for I think just under a year or so, much changed in my life, moved banks, etc. Most of the bugs were solved but there were still issues with net worth which caused me to lose all steam eventually (they probably have been fixed). I realised what I needed which is quite a departure from most of the current tools.

Proper feedback would be way too long. But I can just give the example of Android vs Apple. To me, most of the current tools take an Android approach instead of the Apple approach. One easy example is how FinWise treats end of month salary (and debit orders) versus how the human brain treats it (there are 12 times debit orders go off, so why on earth will there ever be some months with no bars and others with double height ones). The tool is technically correct, but practically misses it for my case.

To sum it up, there is no way to please everyone, there are people who love Android phones, in my case I prefer iPhones. All the best.
 