When you trust us with your money, security isn't optional—it's everything. Here's a transparent look at how Stratum Remit protects your funds and data.
Our Security Philosophy
Defense in depth: We don't rely on any single security measure. Multiple layers of protection ensure that even if one is compromised, your money and data remain safe.
Regulatory Compliance
Money Transmitter Licenses
- Capital reserves
- Consumer protection
- Anti-money laundering (AML)
- Suspicious activity reporting
NMLS Registration
We're registered with the Nationwide Multistate Licensing System (NMLS #2116903), meaning we meet federal and state requirements for money transmission.
Data Protection
Encryption
In Transit: All data between your device and our servers is encrypted using TLS 1.3—the same encryption used by banks.
At Rest: All stored data is encrypted using AES-256, the gold standard for data protection.
Data Minimization
We only collect data we absolutely need. We don't sell your data, and we don't share it except as required to complete transfers or comply with law.
Account Security
Multi-Factor Authentication
- Something you know (PIN or password)
- Something you have (your phone)
- Something you are (fingerprint or face)
Biometric Protection
Transfers require biometric confirmation—Face ID or fingerprint. Even if someone has your phone, they can't send money without your biometrics.
Session Management
- Automatic logout after inactivity
- Ability to remotely log out all sessions
- Alerts for new device logins
Transaction Security
Real-Time Monitoring
- Unusual amounts
- New recipients
- Geographic anomalies
- Velocity checks (too many transfers too fast)
Manual Review
Flagged transactions are reviewed by our security team before processing. This may cause slight delays but ensures protection.
Fraud Detection AI
Machine learning models trained on millions of transactions identify potential fraud that rule-based systems would miss.
Infrastructure Security
Cloud Security
- SOC 2 Type II certification
- ISO 27001 compliance
- Regular penetration testing
- 24/7 security monitoring
Access Controls
- Employees have minimum necessary access
- All access is logged and audited
- Regular access reviews
- Background checks for all employees
What We Do If Something Goes Wrong
Incident Response
We have a detailed incident response plan: 1. Immediate containment 2. Customer notification within 24 hours if data is affected 3. Full investigation 4. Remediation and prevention measures
Account Recovery
- Immediate freeze of all transactions
- Identity reverification process
- Review and reversal of unauthorized transactions
- Enhanced monitoring going forward
How You Can Stay Safe
Strong Authentication - Use a unique, strong PIN - Enable biometric authentication - Don't share login credentials
Device Security - Keep your phone's OS updated - Don't jailbreak or root your device - Use a screen lock
Transaction Vigilance - Verify recipient details before sending - Be wary of requests from strangers - Report suspicious activity immediately
Our Certifications and Audits
| Standard | Status | |----------|--------| | SOC 2 Type II | Compliant | | PCI-DSS | Compliant | | AML/KYC | Fully Implemented | | Regular Penetration Testing | Quarterly |
Transparency Commitment
- We publish our security practices
- We have a bug bounty program for researchers
- We notify customers of any incidents
- We continuously improve based on new threats
Questions?
- Email: security@orokii.com
- In-app: Report to Kora
- Phone: (646) 535-8730
Conclusion
Security isn't a feature—it's the foundation of everything we do. When you send money with Stratum Remit, you're protected by multiple layers of security, regulatory compliance, and a team dedicated to keeping your money safe.
Trust is earned, and we work every day to deserve yours.