See what Truss would have caught in your last month of traffic. Request a demo →
Truss by Islands Digital
Security & trust

We can’t lose your money. We never touch it.

Truss is built so the worst case is small. We don’t move funds, we take in the least data we can, and every finding can be checked against systems you already control. The blast radius is the point.

Non-custodial by design

Truss never holds, settles, or moves funds, and is never on the funds path. Your licensed institution remains the only party that moves value, which keeps your regulatory surface narrow and unchanged.

Read-first

Truss observes by default: it reads records and the settlement file and reports. Write actions, retry and reversal instructions, are optional, and are executed by your bank, not by us.

Data minimisation

We take in what reconciliation needs and no more. Identifiers can be tokenised so that join keys still line up while raw values stay protected. What isn’t needed isn’t ingested.

Deploy in your environment

Truss can run in your own cloud or VPC, so sensitive data need not leave your boundary. The architecture is the same locally as in the cloud.

Confirm against your own records

Every finding traces to your core-banking record and the NIBSS settlement file you already receive. Truss is a magnifying glass over data you own, not a new source of truth you must trust.

Immutable audit

Every state change and every operator action is appended to a timestamped, replayable log. History is never rewritten, you can always reconstruct what was known and when.

Data protection

Built with NDPR / NDPA in mind.

Truss is designed around data-protection principles that matter under the Nigeria Data Protection Act: process the minimum necessary, keep personal data inside your boundary where possible, tokenise identifiers, and maintain a full audit of access. We work within your existing data-processing agreements and controls.

We describe our design posture here, not a certification claim. We’re glad to walk your risk and compliance teams through specifics during evaluation.

The principle

Minimise what leaves your environment, tokenise what must move, audit every access, and let the customer verify everything against their own systems.

Bring your risk team.

We’ll go deep on deployment options, data handling, and the non-custodial structure, the questions a bank’s security review actually asks.

Request a demo