Security by design
The service and security we provide are equally important. Looking after our mutual clients' investments is of paramount importance, and the business process decisions we make are always taken with client security in mind.
We engage in many security forums and follow the principles-based guidance, frameworks, and certification schemes shared by the National Cyber Security Centre protocols.
Our websites use HTTPS and Transport Layer Security (TLS) to encrypt data transmitted between browsers and our servers.
We have robust processes in place to help ensure that money going off the platform is paid to the right person. To provide added security:
We undertake regular independent security penetration testing and internal vulnerability assessments.
We have a dedicated financial crime team and all staff are trained to be on the alert for scams and fraudster activity.
All clients have secure access to their own online account.
Cyber security guidance for advisers
As an adviser, you handle sensitive personal and financial information every day. That makes you and your firm a potential target for cyber criminals. This guidance is here to help you strengthen your own defences and reduce the chances of something going wrong for your business, your clients, and your peace of mind.
What you can do to protect your data
We’ve built strong security measures into our platform, but your own approach to cyber security plays a big part in keeping things safe. The way you manage access, protect devices, and respond to risks can make all the difference.
Four simple actions to take
Always enable MFA where it's available, including on the platform, email accounts, and any systems used to store or access client data.
MFA provides an extra layer of security even if a password is compromised.
Use long, complex passwords that are unique to each system or service.
Avoid reusing passwords across platforms.
Consider using a reputable password manager to keep track of them securely.
Be cautious with emails asking you to click links, open attachments, or confirm login details.
Check sender addresses carefully; they’re often disguised to look legitimate.
If something doesn’t seem right, don’t respond or click, verify it by phone or another trusted method.
Avoid using public Wi-Fi when accessing the platform or handling client information.
If working remotely, use a secure internet connection or a VPN.
When using the Transact platform
Use MFA every time you log in.
Log out after use, especially on shared or public devices.
Do not save login credentials in shared browsers or devices.
Ensure your device is running up-to-date security software.
Other measures
If you receive a login alert you don’t recognise, change your password straight away. If possible, review your access logs or speak to your IT support team to investigate further.
If you're asked to change a client’s bank details by email, always confirm directly with the client over the phone or face to face. Never rely solely on email, even if the message appears to come from the client.
If an email from a colleague, client or provider doesn’t look quite right, check the sender’s address carefully. Look out for unusual wording or unexpected requests. If something feels off, call the person directly to confirm.
If someone asks for your login details, don’t share them. Access to systems should always be personal and secure. If someone needs access, they should have their own authorised account.
Need help?
If you have questions or think your account may have been compromised, contact us directly:
Cyber Security Team: cybersecurity@integrafin.co.uk
Responsibility and Disclaimer
The security of your firm’s devices, networks, and internal processes remains your responsibility. This guidance is offered as general best practice and does not constitute legal advice or imply any liability on our part for cyber-related incidents affecting your firm. Each firm should carry out its own risk assessments and, where necessary, seek professional cyber security advice.
Making deposits
Please advise clients to avoid sending cheques or banker's drafts because they can be intercepted in the post. The safest ways they can make deposits into their Transact portfolio is through Transact Online, if they have an active Direct Debit linked to the wrapper, they are making the deposit into or via bank transfer.
To make a deposit via Direct Debit, they will need to log into Transact Online and go to Transactions > Deposit and select the “Direct Debit” option. Remember, the wrapper they are making the deposit into needs to be selected.
If they wish to send money via bank transfer, our bank details are below:
Account name: Transact Client Account
Name of bank: NatWest
Account number: 36298921
Sort code: 60-00-01
Their portfolio number will be needed as the payment reference, so we can match the deposit to the portfolio. Please inform us that they have sent a deposit by logging into Transact Online, going to Transactions > Deposit and following the “Bank transfer” instructions.
Scams
Find out more about some of the scams you should be aware of:
Pension scammers continuously design new and more sophisticated ways to gain access to pension savings.
Fraudsters can be effective in persuading victims to transfer money to them to invest in unusual/high-risk investments or to simply steal it outright.
This involves people being duped into sending money to criminals who go to great lengths to gain their trust and convince them that they are in a genuine relationship.
Fraudsters have a variety of methods to convince people in releasing personal information such as date of birth, address, bank account details and one-time passwords.
Fraudsters may impersonate clients, advisers or trusted organisations to gain access to accounts, client information or payment instructions. Always verify unusual or high-risk requests using a trusted callback process.
Criminals may attempt to redirect client payments or withdrawals by requesting changes to bank account details or impersonating trusted individuals. Be cautious of urgent payment requests or last-minute account changes.
Scammers may pressure individuals into transferring funds into fake, unusual or high-risk investments, often using promises of high returns or limited-time opportunities.
Fraudsters use emails, phone calls, text messages and social media to manipulate individuals into revealing sensitive information, bypassing security controls or approving fraudulent activity.
Attackers may attempt to gain access to adviser or client accounts through credential theft, repeated MFA approval requests or compromised email accounts. Never approve unexpected authentication requests or share security codes.
Fraud awareness
We share only a small level of detail of the security measures we have in place. That way, you can be confident that your clients’ investments are safe, and fraudsters can’t use what we share to their advantage. However, if you would like to know more or have any specific questions, please call and we will address your queries.
If at any time you have any suspicions or concerns about any transactions or activity on your clients’ portfolios, act immediately and get in touch.
Testimonial
When I have to deal with other providers I am often reminded how much better Transact is. Fortunately, the vast majority of my work is with Transact!
Anonymous adviser, Transact Adviser Survey 2025