Security & Compliance

Enterprise-Grade Security

Enterprise-grade security features for financial message management — from access control and encryption to audit trails and compliance.
Encryption

Multi-Layer Encryption

Defense-in-depth encryption strategy protects data at every layer of the application stack — from user access to network transport to message integrity.

TLS/SSL for application HTTPS — securing both user and REST API access
MQ endpoint SSL encryption with 1-way and 2-way authentication
Secure database connections
LAU (Local Authentication) digital signing for SWIFT Alliance Access ensures message integrity and non-repudiation
LAU keys stored encrypted in database
Database-level encryption and data-at-rest encryption on the server are fully supported — handled by your infrastructure team with no PMH limitations
USER / API / MQ TLS / SSL Encryption MQ Endpoint SSL Secure DB Connection LAU Digital Signing SWIFT Alliance Access HTTPS REST API 1-way / 2-way authentication Encrypted keys Non- repudiation
Approval Controls

4-Eyes Principle

Built-in support for verification and authorization workflows across both business messages and administrative operations.

Administrative operations (user management, role management, profile management) can require maker-checker approval
Pending operations tracked in Inbox with detailed change comparison — old vs. new values highlighted
Entity locking during approval prevents conflicts
Rejection with reason tracking
Complete audit trail of approval workflow for both business and administrative operations
PMH 4-eyes approval inbox showing pending operations with status and approver tracking
Data Isolation

Data Segregation

User profiles enable data segregation for fine-grained protection. Different departments or entities can be isolated within the same platform instance.

Organizational units group users for message creation and approval control
Unit-based approval restrictions ensure only authorized personnel can approve messages from specific departments
Template segregation by unit
Profile restrictions filter by BIC patterns, message types with wildcards, or amount ranges with currency conversion
PMH profile restrictions editor showing BIC, amount and message type filtering for data segregation
Compliance

Audit Logging & Compliance

Comprehensive audit trail preserving session information, audit records, and detailed message processing traces.

Configurable retention policies — default 365 days for audit logs, 30 days for workflow traces
Automated log purging with configurable schedules reduces operational overhead while maintaining compliance
Complete session management with configurable automatic timeout (15 minutes default)
Detailed login history tracking captures all successful and failed login attempts with timestamps and IP addresses
Prevents unauthorized access from unattended workstations while supporting operational flexibility
PMH audit log viewer showing operations, details and timestamps with search filters
Application Security
API & Web Application Security
Multiple layers of protection for REST API consumers and web application users.

REST API Security

JWT token-based authentication reduces credential exposure over the network. Token-based approach enables secure system-to-system integration with stateless authentication. Role-based access control extends to REST API resources with same granular permissions as the UI.

Content Security Policy

CSP headers prevent XSS and code injection attacks. Configurable frame-ancestors control iframe embedding. Defense-in-depth security approach following modern web application security standards.

Password Security Controls

Configurable password complexity (length, uppercase, lowercase, digits, special characters). Password history validation prevents reuse. Automatic account lockout after failed login attempts. Passwords hashed — never stored in plain text.

Session Management

Multi-device concurrent sessions with per-browser isolation. Configurable automatic timeout (15 minutes default). Complete login history with timestamps and IP addresses for all successful and failed attempts.

Access Control

User & Access Management

Role-based access control with granular permissions and data segregation by organizational units for multi-tenant environments.

Profile restrictions support BIC patterns, message types with wildcards, include/exclude logic, and amount ranges with automatic currency conversion
Multiple profiles per user per resource
Multiple authentication methods (LDAP, RADIUS, local database) with automatic failover
Configurable password policies with complexity, history validation, and account lockout
Multi-device concurrent sessions with per-browser isolation
Time zone support with automatic DST adjustments for multi-region deployments
User entitlements report shows complete permission matrix
PMH user management detail showing credentials, personal information, and role assignments
Certifications & Standards
Industry Compliance
Prowide Messaging Hub is designed to meet the security and compliance requirements of the financial services industry.
ISO 27001 Certified
SWIFT Registered Provider
Data Sovereignty
On-Premises Control
Why banks choose Prowide Messaging Hub for data sovereignty and independence.

Your Infrastructure, Your Data

Deploy on-premises or in your private cloud with full control over data residency and sovereignty.

Network-Agnostic

Works with SWIFT and proprietary networks — no vendor lock-in on connectivity.

Faster Deployment

Faster deployment than typical enterprise solutions with lower operational overhead.

Perpetual Licensing

Own the software — not subscription-based. Fully customizable to your workflows.

YOUR INFRASTRUCTURE Applications Backoffice Core System Messaging Hub Database MQ Broker EXTERNAL SWIFT Network Correspondents / Proprietary
Discuss your security requirements
Contact us to learn how the Messaging Hub meets your organization's security and compliance needs.
Contact Us → Back to Hub Overview