Bank credentials are only ever stored in an encrypted state. This means that the customer's bank credentials can never be used by another person to access their account.
When entered by the customer, credentials are encrypted and then stored against a token. This token is then used to view the account details. At no stage do we have the ability to update/edit the account or view the credentials themselves. If for some reason the credentials are invalid, the only solution at our side is to delete the enrypted credentials and ask the user to go through the process again.
DirectID works with our ultra-secure data provider, Envestnet Yodlee, a market-leading data aggregation service renowned for its security, to access the bank data. With over 14 years' experience, Yodlee looks after the data, internet banking and payment solutions of leading global banks.
To recap: when your customer logins to their bank account via DirectID, neither we nor the business requesting verification will ever see, store or have access to the login credentials.