Secure & Trustworthy
Your money and data are protected at every step
PIN & biometric protection
Unlock the app and confirm sensitive actions with your PIN, fingerprint, or face unlock when your device supports it — so only you control your account.
Identity Verification
KYC-compliant ID verification ensures all group members are who they say they are, minimizing fraud.
Secure Payments
All mobile money transactions are processed through verified payment gateways with end-to-end security.
Complete Audit Trail
Every contribution, disbursement, and penalty is logged. Full transaction history available for review at any time.
Eight layers of protection
Security is not a single feature — it is a layered system built into every part of Vikoba.
Biometric & PIN Authentication
Every session starts with PIN or biometric verification. Sensitive actions — withdrawals, payout approvals — require re-authentication. Brute-force attempts are rate-limited and trigger an account lock.
End-to-End Encrypted Transactions
All payment flows use TLS 1.3 in transit. Payment requests are signed with asymmetric keys before leaving your device. No payment instruction can be replayed or tampered with in flight.
KYC Identity Verification
Every account holder completes a Know Your Customer check before joining or creating a group. Document verification minimises fraud and ensures all group members are who they claim to be.
Immutable Audit Trail
Every contribution, payout, and group action is written to a tamper-resistant transaction ledger. Members can review the full history of any group at any time — nothing is hidden.
Resilient Infrastructure
Deployed on a 3-node Kubernetes cluster on Hetzner Cloud with automated failover, daily backups, and a 99.9% uptime SLA. Disaster recovery procedures are tested quarterly.
Regulatory Compliance
Vikoba operates in alignment with Bank of Tanzania (BoT) guidelines for payment service providers. Data residency requirements are met with in-country storage on Tanzanian infrastructure.
Group Transparency
While your personal data is private, group financial data is intentionally transparent to all members. This is the core of the tontine model — mutual accountability backed by the platform.
JWT Session Management
Sessions use short-lived JWTs with refresh-token rotation. Tokens are bound to the device they were issued on. Logging out from one device instantly invalidates all associated tokens.
Have a security concern or vulnerability to report?
security@vikoba.co.tz — we respond within 24 hours.