Labels & Regulations - Security Certifications
General Data Protection Regulation (GDPR)
We’ve strengthened our internal processes to ensure control over the processing of your personal information, including the ability to override cookie tracking and secure browsing in Spendesk.
On the recommendation of the CNIL for companies, Spendesk does not store your account password or your card numbers.
Payment Card Industry Data Security Standard (PCI DSS)
Spendesk’s partners are certified with the PCI Data Security Standard, an information security standard for organizations that handle branded credit cards from the major card providers. It increases controls around cardholder data to reduce credit card fraud.
PSD2 & SCA
SCA is a new European regulatory requirement to reduce fraud and make online payments more secure. The purpose is to strengthen the level of payment security and protect consumers by imposing strong authentication procedures for account access and payment transactions.
Under PSD2, strong authentication involves a verification at each account access and transaction level, using at least two of the following means: a password or code that only the user knows; a device (mobile phone or smart card) that only the user has; a personal characteristic of the customer (fingerprint, voice, or facial recognition).
This protocol helps to reduce fraud and provide extra security for online payments. It ensures authentication by receiving a push notification and confirming the payment via biometric/security code directly on the Spendesk app, or sending you a text message with a unique code, only available for 5 minutes.