Trust & Safety

Security

Your security is our top priority. Here's how we protect you.

256-bit

SSL Encryption

2FA

Authentication

PCI DSS

Compliant

24/7

Monitoring

Encryption in Transit

  • 256-bit SSL/TLS encryption for all web and mobile communications
  • HTTPS protocol enforced across all endpoints
  • Certificate pinning prevents man-in-the-middle attacks on mobile apps

Encryption at Rest

  • AES-256 database encryption for all sensitive data fields
  • Encrypted backups stored on isolated secure servers
  • Encryption keys managed using industry best practices

Multi-Factor Authentication

  • SMS-based one-time passwords (OTP) for all sensitive operations
  • Email verification codes
  • Biometric authentication (Face ID, fingerprint) on supported devices

Session Management

  • Automatic logout after periods of inactivity
  • Device recognition and suspicious login detection
  • Ability to remotely log out of all devices

Real-Time Monitoring

  • Unusual transaction pattern detection
  • Multiple failed login attempt protection
  • Access from suspicious locations or devices flagged
  • Large or unusual transactions require additional verification

KYC & AML Compliance

  • Government-issued ID verification via NIRA
  • Address verification and source of funds declaration
  • Enhanced due diligence for high-value accounts

Segregated Accounts

  • Customer funds held separately from company operating funds
  • Multiple banking partnerships for fund distribution
  • Daily reconciliation of all customer balances

Payment Security

  • PCI DSS Level 1 compliant payment processing
  • No storage of full card numbers on our servers
  • Tokenization of all payment information

Secure Hosting

  • Enterprise-grade hosting with 99.9% uptime guarantee
  • DDoS protection and Web Application Firewall (WAF)
  • Intrusion Detection and Prevention Systems (IDS/IPS)

Network Security

  • Virtual Private Cloud (VPC) isolation
  • Network segmentation and role-based access controls
  • Regular vulnerability scanning and penetration testing

Our security team monitors systems around the clock and responds immediately to any incident. In the unlikely event of a data breach, affected users will be notified within 72 hours, regulatory authorities informed as required, and full transparency maintained throughout.

Your Responsibility

Security is a shared responsibility. Help us keep your account safe:

  • Use a strong, unique password for your AfriVest account
  • Enable two-factor authentication (2FA)
  • Never share your OTP codes or password with anyone
  • AfriVest will NEVER ask for your password via email or SMS
  • Report suspicious activity immediately to security@afrivest.co

Report a Security Issue

Found a vulnerability? We have a responsible disclosure policy and eligible reports may qualify for rewards.

security@afrivest.co →
Back to Home Questions? Contact us →