Open banking: European first for Linxo Group to obtain ISO 27001 security certification for its payment institution
Aix-en-Provence - February 24, 2020
Linxo Group's authorised payment institution, Oxlin, becomes the first payment institution in the European Union to achieve the ISO 27001 security certification for PSD2 services. This certification proves that the high level of protection and control of its information system is consistent with the sensitivity of the information and personal data processed. The Aix-en-Provence-based Fintech is thus gaining a head start in the IT ecosystem and demonstrating once again that the security of banking data has always been, and continues to be, its top priority. The ISO 27001 security certification provides additional digital trust to its customers and partners, as well as to their three million application users in France.
A European first
Oxlin becomes the first and only PSD2 ("Third Party Provider" or TPP) authorised institution in the EU to have obtained the ISO 27001 security certification for its open banking activity, proving its commitment to the highest security standards in the field.
ISO-27001 safety certification: the key points
The Linxo Group includes Oxlin's PSD2-approved payment institution operations and Linxo's smart financial assistant operations.
The ISO 27001 security certification proves that Oxlin is able to identify potential cyber threats, control the risks associated with the information it holds and protect its confidentiality. The institution therefore has excellent control of the risks concerning the security of physical or cloud data.
Being ISO 27001 certified means that Oxlin has created a robust information system to guard against data loss, theft and alteration through the defence of information systems. This international standard defines the rules for an effective and ever-improving Information Security Management System (ISMS).
The ISO 27001 safety certification is valid for a three-year cycle, which includes an initial audit, and during which surveillance and renewal audits will be conducted.
Security of personal data is a priority for Linxo Group
As Bruno Van Haetsdaele, Chairman of Linxo Group, explains, "Our core business is based on the processing of banking data. Data protection is at the heart of Linxo's DNA and has been a constant obsession for our team since the company was founded in 2010. We have always protected this data and we are aware that risks exist, so getting ISO 27001 certification shows that we provide a state of the art service when it comes to dealing with potential risks and that we are able to manage incidents, should they occur."
Achieving ISO 27001 certification is the result of several years of work by Linxo Group and its Oxlin unit.
In 2017, the European Banking Authority (EBA) published its "Guidelines on security measures for operational and security risks under the PSD2", which are based on the international standard ISO 27001. Adopting the ‘guidelines’ was not enough for Linxo Group, who wanted to go further and obtain a standardised international certification that validated the measures adopted.
In 2018, Oxlin, a subsidiary of Linxo Group, was one of the first companies in Europe to be granted PSD2 payment institution authorisation. The approval obtained by Oxlin was already a guarantee of a high level of data protection, since this authorisation is subject to the security advice that the Banque de France must provide.
To add to the certification of Oxlin's information system, Linxo Group chose to undergo further audits by the conformity assessment body LSTI, chosen for its reputation for excellence and high technicality, and the auditors inevitably noted "the great maturity in the management of its information system".
About Linxo Group
Since 2010, Linxo Group has been developing and marketing solutions for account aggregation, payment initiation and personal finance management.
The platform of its subsidiary Oxlin, a payment institution authorised by the ACPR [French Prudential Supervision and Resolution Authority], provides all the technology to access banking data and initiate transfers (services regulated by the Revised European Payment Services Directive, known as PSD2), with the customer's consent and in a totally secure manner. The services it offers range from API (Application Program Interface) bricks to complete white-label mobile app solutions covering the needs of start-ups as well as banks and insurance companies. These solutions enable the development of new services and new sources of revenue on multiple use cases: budget management, credit granting paths, accounting, loyalty, etc.
Its mobile application Linxo, which is already installed and used by more than 3 million people in France, is an intelligent financial assistant, which allows everyone to have an overview of their finances and to simplify the management of their money.
The company has 81 employees, mainly in Aix-en-Provence and in the Crédit Agricole Villages in Paris and Sophia Antipolis.
+33 (0)7 67 43 75 58
Crédit Agricole Group takes a majority stake in Linxo Group
Aix-en-Provence, 28 January 2020
This is a new page in our history that is being written today: we have decided to join the Crédit Agricole group which has taken a majority stake in the capital of Linxo Group (press release). It is an important proof of trust in the solidity of the Linxo Group technologies and a way for us to accelerate our development. Thank you, dear partner, for your trust. This change is also great news for you: here's why.
What is changing for you?
Nothing ! We will continue to operate as an independent company and will continue to provide the best service to all our partners. The Oxlin teams you know stay in place. We will continue to make our technologies available to serve your use cases, to develop the coverage and quality of our APIs and to innovate with you for your customers.
What will this operation enable?
The objective of this operation is to strengthen our position as leader in France and to expand it.
This backing will allow us to invest on several levels:
- Invest in the technological changes necessary to take advantage of the opportunities of the European directive PSD2 (Payment Services Directives n ° 2). At the start of 2018, we were one of the very first European payment services providers to obtain the ACPR - Banque de France license for the regulated services of the PSD2. We have invested heavily in access to banking APIs. We will continue to invest heavily in the coming years.
- Extend our geographic presence in Europe to support you and respond to use cases that are developing in other countries
- Expand our connection coverage
- Enrich our categorization and financial data processing algorithms to always create more value for your customers
These investments will allow us to offer a more stable account access and payment initiation service, still as secure, and even more extensive.
The Linxo Group adventure is accelerating thanks to you.
Bruno Van Haetsdaele
Linxo Group CEO