Our security philosophy

At x15ventures, we’re working hard to build and scale the next generation of digital businesses to benefit CommBank’s 15 million customers and beyond. Central to our development philosophy is the mantra of "safe, sound, secure" – this means security is a core focus, not something we sacrifice to develop at pace. It’s baked into everything we build, not implemented as an afterthought.

We apply a zero-trust approach to security, emphasising strong identity controls as the security perimeter, and we are constantly working to minimise the risk of security issues impacting our ventures. We also have a robust security operations capability ready to respond in the event of an incident.

The x15 security team

We’ve got a dedicated team of talented engineers focused entirely on the security of x15 and our ventures. The x15 security team's expertise spans product security, operations, incident response, and security testing, with decades of collective experience working in the financial services industry, multi-national tech companies, government, and small business. The team works with our ventures at all phases of development to ensure the highest level of security for our software, systems, and processes.

Our approach to software and system security

Our ventures are developing software that incorporates commercial products, open-source projects, and our own proprietary code. We work hard to implement a range of proactive measures to ensure our software and the systems hosting it are as secure as possible. This includes:

Security operations

In the event of a security vulnerability or incident, our security team is ready to respond. The x15 Security Operations Centre (SOC) constantly monitors for indicators of compromise and responds to reports of vulnerabilities and breaches.

We treat resolution of security vulnerabilities and incidents as a critical priority.

Security risk management and regulatory compliance

As our ventures operate in the financial technology space, a number of regulations governed by the likes of APRA and the ACCC apply to us. As part of a broader risk management framework, we ensure compliance of our ventures with relevant regulatory standards such as APRA CPS 234, the CORIE framework, and the Consumer Data Right.

Scams, fraud, and suspicious behaviour

Scams and fraud are a major concern in today’s financial services environment. Our dedicated security team works alongside the Commonwealth Bank to implement a number of technologies to identify and prevent scams and fraud. More details on how to protect yourself can be found on CommBank’s website, including information on Credit Savvy's SavvyShield feature that protects against digital identity theft. 

If you have received a message that looks suspicious, please report it to us via hoax@x15.com.au, including emails and any other interactions you have had with the suspected fraudsters.

How to report security vulnerabilities

If you find any security concerns in the websites, applications, or systems of any of our ventures, please report them to security@x15.com.au. The x15 security team monitor this email address and will co-ordinate resolution of any reported issues in confidence.