
Security

What security is like at Kit.

Security philosophy

Kit is built by x15ventures, which is wholly owned by CommBank. Central to Kit's development philosophy is the mantra of "safe, sound, secure".

Security is a core focus for us, not something we sacrifice in order to develop at pace. We design security into everything we build rather than treating it as an afterthought. We implement a range of measures to ensure that our software and the systems hosting it are as secure as possible, such as automated security tests in the build and CI systems, penetration testing and source code auditing, and vulnerability and patch management.

Security operations

Our Security Operations Centre (SOC) constantly monitors for indicators of compromise and responds to reports of vulnerabilities and breaches. We treat resolution of security vulnerabilities and incidents as a critical priority.

Security risk management & regulatory compliance

As we operate in the sphere of financial technology, various regulations apply, from regulators including ASIC, APRA and the ACCC. As part of a broader risk management framework, we ensure compliance with relevant regulatory standards such as APRA CPS 234 and the CORIE framework.

Scams, fraud, and suspicious behaviour

Scams and fraud are a major concern in today’s financial services environment. Our dedicated security team works alongside the Commonwealth Bank to implement a number of technologies to identify and prevent scams and fraud. More details on how to protect yourself can be found on CommBank’s website, including information on Credit Savvy's SavvyShield feature that protects against digital identity theft. 

If you have received a message that looks suspicious, please report it to us via hoax@x15.com.au, and include the emails and any other interactions you have had with the suspected fraudsters.

Reporting security vulnerabilities

Please report any security issues you find in the Kit website or app to: security@heykit.com.au.

Anyone can send an email to this address. It will be read by the team, who will co-ordinate resolution of any reported security issues in confidence.