Deep Dive: Security - How Expensify protects your information
We use bank-level security to keep your sensitive financial data safe. We’re tested regularly to ensure our security measures are up to date, and even subscribe to daily probing by McAfee to make sure that we can defend against the latest hacker tactics. Our ability to defend against these attacks is proudly displayed below and can be checked directly on the McAfee SECURE site. Keep reading to find out the steps we take to keep your information protected.
The Gold Standard of Security
We take your security seriously and comply with the Payment Card Industry Data Security Standard (PCI-DSS). This comprehensive standard, which covers many aspects of how systems interact and handle cardholder data, is the gold standard of security measures for anyone taking credit card information online. The same rigorous standard is used by PayPal, Visa, and YOUR bank. For more information on its requirements, check out the PCI-DSS website.
You can also rest comfortably knowing we are SSAE 16 compliant!
Data and Password Encryption
Your data is encrypted the moment you press enter. This holds true for all communication between your internet browser and our servers, between our servers and our partners, and among our servers themselves. If you want to get technical, we use HTTPS+TLS for all web connections and we encrypt all inter-datacenter communications.
Even more important than encrypting what is sent between you and our servers, however, is encrypting what is written to disk. For this, we spent the entire first year building a geo-redundant, PCI-compliant datacenter that achieves amazingly high uptime.
In our case, we use a special type of encryption key called a split knowledge, dual-control key that is known by our servers and nobody else. This special key is split into two components, each of which is stored in a different secured location and managed by a different Expensify employee. The two parts are securely combined by our servers in memory when they’re booted up, and never written to disk. If a server is restarted or loses power, the key is wiped from memory and must be manually re-entered by both employees — much like on a nuclear launch panel.
With this setup our most sensitive data cannot be decrypted by anybody, not even ourselves, except within the very secure confines of our very hardened servers. Even in the worst-case scenario of an elite squad of armed mercenaries physically stealing our servers, your information would be useless because it could not be decrypted by anyone.
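To make the split-knowledge, dual-control idea concrete, here is an added illustration; it is not Expensify's code, and the page does not say how their servers actually combine the two components. It assumes the components are combined by XOR in memory and that only a short check value of each component is kept on disk, so a mistyped component is caught at boot without the component itself ever being persisted.

```python
import hashlib
import secrets

KEY_LEN = 32  # a 256-bit data-encryption key (assumed size)


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Split a key into two XOR components, one per custodian.
    Component A is fresh randomness, so each component on its own is
    uniformly random and reveals nothing about the key."""
    comp_a = secrets.token_bytes(len(key))
    comp_b = bytes(k ^ a for k, a in zip(key, comp_a))
    return comp_a, comp_b


def combine_components(comp_a: bytes, comp_b: bytes) -> bytes:
    """Reassemble the key. The result should live only in RAM."""
    if len(comp_a) != len(comp_b):
        raise ValueError("component length mismatch")
    return bytes(a ^ b for a, b in zip(comp_a, comp_b))


def key_check_value(component: bytes) -> str:
    """Short fingerprint that may be stored on disk so a custodian's entry
    can be verified without storing the component. Simplification: a
    truncated SHA-256; HSMs usually derive a KCV by encrypting a zero block."""
    return hashlib.sha256(component).hexdigest()[:6]


def boot_load_key(entry_a: bytes, kcv_a: str, entry_b: bytes, kcv_b: str) -> bytes:
    """Dual-control key load at boot: both custodians' entries must match
    their stored check values before the key is assembled in memory."""
    if not secrets.compare_digest(key_check_value(entry_a), kcv_a):
        raise ValueError("custodian A entered a wrong component")
    if not secrets.compare_digest(key_check_value(entry_b), kcv_b):
        raise ValueError("custodian B entered a wrong component")
    return combine_components(entry_a, entry_b)


if __name__ == "__main__":
    # Constructed demo: generate a key, split it, persist only the KCVs,
    # then simulate both custodians entering their halves at boot.
    dek = secrets.token_bytes(KEY_LEN)
    half_a, half_b = split_key(dek)
    on_disk = {"kcv_a": key_check_value(half_a), "kcv_b": key_check_value(half_b)}
    in_memory = boot_load_key(half_a, on_disk["kcv_a"], half_b, on_disk["kcv_b"])
    print("key reassembled correctly:", in_memory == dek)
```

If either custodian's entry is wrong, the load fails before any key material is assembled; neither component nor the combined key is ever written alongside the check values.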