Premier-grade protection for every account, every transaction, and every customer across 180+ global markets.
Six layers of security work together to safeguard your financial assets and personal data
Every piece of data at rest and in transit is encrypted using Advanced Encryption Standard with 256-bit keys, the same standard used by the U.S. military and intelligence agencies.
All account access requires two or more verification factors: something you know (password), something you have (token/phone), and optionally something you are (biometrics).
AI-powered systems analyse every transaction in real-time against behavioural baselines. Anomalies trigger instant alerts and automatic transaction holds to prevent losses.
Our infrastructure operates on a zero-trust model where every access request is fully verified regardless of origin. No implicit trust is granted to any device, user, or network segment.
Our Security Operations Centre, staffed by certified analysts, monitors all systems 24/7/365 from redundant facilities in New York, London, and Singapore.
Automatic session timeouts, device fingerprinting, IP geolocation tracking, and forced re-authentication ensure that only you can access your accounts from authorised devices.
Independently audited and certified by leading global security standards bodies
Annual audit of security, availability, processing integrity, confidentiality, and privacy controls
International standard for Information Security Management Systems (ISMS)
Highest level of Payment Card Industry Data Security Standard certification
Full compliance with Federal Financial Institutions Examination Council guidelines
Our banking infrastructure is engineered for resilience, redundancy, and regulatory compliance at every layer.
Penetration Testing: Our systems undergo comprehensive penetration testing by independent, CREST-accredited security firms at least twice annually. Results are reviewed by the Board Risk Committee and remediation timelines are strictly enforced.
Understanding the threat landscape helps you and TONHANKS work together to keep your accounts secure.
| Threat | Description | TONHANKS Countermeasure | Severity |
|---|---|---|---|
| Phishing | Fraudulent emails or texts impersonating TONHANKS to steal credentials | DMARC/DKIM email authentication, customer awareness alerts, URL filtering | High |
| Account Takeover | Unauthorised access using stolen credentials from third-party breaches | Mandatory MFA, credential monitoring, device fingerprinting, login anomaly detection | High |
| SIM Swap | Attacker transfers your phone number to intercept SMS codes | Hardware token support, app-based authentication, SIM change monitoring | Medium |
| Wire Fraud | Social engineering to redirect legitimate wire transfers | Dual-approval for wires over $10,000, callback verification, 24-hour hold on new payees | High |
| Malware/Keyloggers | Software that captures keystrokes or screenshots on compromised devices | Virtual keyboard option, encrypted session tokens, device health checks | Medium |
| Man-in-the-Middle | Interception of data between your device and our servers | TLS 1.3 with certificate pinning, HSTS enforcement, session integrity validation | Low |
While we deploy enterprise security on our end, these best practices help protect your accounts from your side.
Remember: TONHANKS will never contact you asking for your full password, transfer token, PIN, or security answers. Any communication requesting this information is fraudulent and should be reported immediately.
Time is critical. If you notice suspicious transactions, unrecognised login attempts, or if your credentials may have been compromised, contact our Fraud Response Team immediately. We are available 24 hours a day, 7 days a week.
Common questions about your account security and our protection measures
Do not click any links or download attachments. Forward the email to security@tonhanks.com, then delete it. If you already clicked a link and entered any information, contact our Fraud Team at security@tonhanks.com immediately and change your password from a trusted device.
All wire transfers require multi-factor verification through your transaction token. Transfers above $10,000 require dual-approval. New payees are subject to a 24-hour hold period for verification. Our fraud detection AI monitors all wire activity in real-time and will flag unusual patterns including destination changes, amount anomalies, and timing irregularities.
Yes. Our mobile platform uses the same AES-256 encryption and TLS 1.3 protocols as our desktop banking. Additional mobile protections include certificate pinning, jailbreak/root detection, screen capture prevention, and biometric authentication. We recommend keeping your device's operating system updated and using device-level encryption.
Our behavioural analytics system detects anomalous access patterns and can automatically lock the account. If unauthorised transactions occur, TONHANKS provides a $0 Liability Guarantee for verified fraud: you will not be held responsible for unauthorised charges. Report the incident to our Fraud Team immediately, and we will initiate our investigation and recovery process within 24 hours.
We conduct comprehensive penetration testing with CREST-accredited firms at least twice per year. Internal red team exercises are performed quarterly. Vulnerability scanning runs continuously across all systems. Our SOC 2 Type II audit is performed annually by independent assessors, and results are reviewed by our Board Risk Committee. We also participate in industry-wide cyber threat simulations coordinated by the Financial Services ISAC (FS-ISAC).
Yes. All TONHANKS personal and business accounts include our $0 Liability Guarantee. If you report unauthorised transactions within 60 days, you will be fully reimbursed after investigation. Deposits are insured by the FDIC up to the standard maximum of $250,000 per depositor, per institution. Additional insurance may be available for high-net-worth clients through our Private Banking division.