Security

1. Encryption

Data in Transit

All data transmitted between your device and Trustedregion is encrypted using TLS 1.3 — the latest and most secure version of the Transport Layer Security protocol. We enforce HTTPS everywhere and use HTTP Strict Transport Security (HSTS) to prevent downgrade attacks.

Data at Rest

Sensitive data stored in our databases — including account numbers, personal identifiers, and financial records — is encrypted using AES-256, the same standard used by financial institutions and governments worldwide.

2. Authentication

Two-Factor Authentication (2FA)

We strongly encourage enabling two-factor authentication on your account. Trustedregion supports authenticator apps (TOTP) for 2FA. Once enabled, signing in requires both your password and a time-based one-time code.

OTP Verification

High-value operations such as large transfers and card reveals require a one-time password sent to your registered email or phone. OTPs expire after 10 minutes and can only be used once.

Session Management

Sessions are invalidated on logout. We enforce session timeouts after periods of inactivity. Suspicious login attempts (new devices, unusual locations) trigger email notifications.

3. Fraud Protection

Real-Time Monitoring

Our systems analyse transactions in real time for patterns associated with fraud, money laundering, and unauthorised access. Suspicious activity is flagged immediately and may result in a temporary account hold pending review.

Zero Liability

If your Trustedregion card is used fraudulently without your authorisation, you are not liable for those charges. Report suspected fraud immediately via the app or at support@trustedregion.com.

Phishing Prevention

Trustedregion will never ask for your password, OTP, or full card number via email, SMS, or phone call. If you receive such a request, do not respond — report it to us immediately.

4. FDIC Insurance

Deposits held in Trustedregion accounts are held at FDIC-insured partner banks. Your deposits are insured up to $250,000 per depositor, per ownership category, in the event of bank failure — the same protection as any traditional bank.

5. Infrastructure

• Cloud security — Hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification
• DDoS protection — Network-level protection against distributed denial-of-service attacks
• Web Application Firewall — All HTTP traffic filtered through a WAF to block common attack vectors (OWASP Top 10)
• Penetration testing — Regular third-party security audits and penetration tests
• Backups — Encrypted, geographically redundant backups with tested recovery procedures
• Access controls — Principle of least privilege enforced for all staff and systems

6. Your Role in Security

Security is a shared responsibility. Here's how you can protect your account:

• Use a strong, unique password for Trustedregion — never reuse passwords
• Enable two-factor authentication in your account settings
• Never share your password, OTP, or card CVV with anyone
• Log out when using shared devices
• Keep your email address and phone number up to date so we can reach you
• Review your transaction history regularly and report anything unfamiliar
• Be cautious of phishing emails — check the sender address carefully

7. Report a Vulnerability

We take security disclosures seriously. If you discover a security vulnerability in Trustedregion, please report it responsibly:

• Email: support@trustedregion.com with subject "Security Vulnerability"
• Include a description of the issue and steps to reproduce it
• Do not publicly disclose the vulnerability until we've had a reasonable opportunity to address it

We will acknowledge your report within 48 hours and keep you updated on our progress. We appreciate responsible disclosure from the security community.

8. Contact

For security concerns or to report suspicious activity:

• Email: support@trustedregion.com
• Phone: 1-800-TRUSTED

For urgent fraud reports, call us directly — we have 24/7 support.