Security first.

Security is a priority at Spendesk - we value the integrity of your personal data as much as we do our own. We’re committed to protecting all your company spending with the highest security and privacy standards.

Security at Spendesk

  • Platform security

    Our security measures evolve continuously to anticipate future risks, so that your financial data remains secure. All data is encrypted using strong cryptography, and Spendesk implements advanced platform protection mechanisms.

  • Advanced access control

    Because only you should have access to your data, Spendesk implements multi-factor authentication, permissions and access control mechanisms for both users and employees.

  • Proactive fraud protection

    Spendesk verifies the user for every transaction with 3-D Secure (3DS) verification. Our software is equipped with fraud detection systems to protect users from potential fraud or suspicious online payment activity.

  • Personal data protection

    At Spendesk, we take the protection of your personal data seriously. We are committed to safeguarding your privacy and ensuring that your information is handled with the utmost care and respect.

  • Card management

    You can block or unblock your physical cards in one click at any time, or generate virtual cards to protect yourself against card or card data theft.

  • Security certifications & audits

    Spendesk's security is regularly tested by independent companies to ensure that our practices and technical measures remain effective over time. Spendesk also holds the ISO 27001:2022 certification. Any vulnerabilities or security issues can be reported to our security team, including through our bug bounty program.

  • Platform availability

    Our databases and servers are hosted and maintained by AWS (Amazon Web Services) with a high availability architecture to ensure the best quality of service. Data is also backed up daily with high-security measures to ensure its availability. You can track service availability in real time on our status page.

  • Trust center

    If you would like more information on the controls and policies implemented by Spendesk, please visit our Trust Center.

Labels & Regulations - Security Certifications

General Data Protection Regulation (GDPR)

Spendesk is committed to complying with GDPR requirements.
Our dedicated team focuses on protecting your data on a daily basis, putting in place appropriate technical and organisational measures, supported by well-established procedures and documentation to respect GDPR accountability.

Payment Card Industry Data Security Standard (PCI-DSS)

Spendesk’s partners are certified with the PCI Data Security Standard, an information security standard for organisations that handle branded credit cards from the major card providers. It increases controls around cardholder data to reduce credit card fraud.

SCA

Strong Customer Authentication (SCA), also sometimes called Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA), is a technique aimed at authenticating the user by at least two of the following means: a password or code that only the user knows; a device (mobile phone or smart card) that only the user has; a personal characteristic of the customer (fingerprint, voice or facial recognition).

This technique, made mandatory by the European directive PSD2, aims to reduce fraud and secure online payments by ensuring that the legitimate user is the one accessing their account or carrying out payment transactions.

ISO 27001:2022

ISO/IEC 27001 is an international standard for managing information security. It details requirements for establishing, implementing, maintaining and continually improving an effective information security management system (ISMS) to help organisations make the information assets they hold more secure.

Spendesk applies the requirements of the ISO 27001 standard in its most recent version, published in 2022. Compliance with this standard is verified by an independent auditor who certifies Spendesk. Spendesk's certificate is available in our Trust Center.

The Digital Operational Resilience Act

The Digital Operational Resilience Act (DORA) is a European Union regulation that aims to improve the digital operational resilience of EU financial entities and their ICT suppliers, as well as to reduce vulnerability to cyber threats across the entire financial sector value chain.

DORA focuses on four main pillars: ICT risk management, incident management, operational resilience testing (service continuity) and supply chain management.

ACHILLE MANBOU, FINANCIAL CONTROLLER AT WE ARE SOCIAL

Thanks to Spendesk virtual cards, our teams can quickly and easily pay for things online. And it's very secure, so that minimizes our risk of fraud.

Communications agency, London, United Kingdom

Most frequently asked questions

View some of the most common questions and answers related to Spendesk security.


Spendesk is not a bank, although it holds a Payment Institution licence in Europe. When you load your Spendesk account, your funds are credited to an account opened in your name and segregated in the books of a partner Credit Institution.

Our partner payment services providers secure the third-party funds they collect by opening and maintaining segregated accounts in the books of a credit institution. The segregated accounts provide a clear separation between third-party funds (your funds) and the payment services providers' own funds, so that your funds are never misused and are protected against actions by the payment services providers' creditors.

Spendesk provides, at the company's request, a dematerialisation service with probative value. The service complies with the applicable regulatory requirements and uses a storage solution that keeps these documents for at least 10 years.

This process consists of:

  • Tracking receipts uploaded to Spendesk via the mobile app, desktop app and email.

  • Generating a PDF file of the receipt.

  • Signing the PDF file with an electronic seal based on a qualified certificate.

  • Archiving the invoice on an ISO 27001 compliant server for the entire legal retention period.

As a result:

  • The image is transmitted securely and without interruption to the server (AWS S3).

  • Images received over HTTPS are processed automatically when the PDF file is created and signed (via Universign).

  • Once the PDF is signed, which concludes the uninterrupted process, the certification service stores the signed PDF files on the server (Amazon Glacier).
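The seal-then-archive flow described above, reduced to its verifiable core as an added illustration (this is not Spendesk's or Universign's code). It assumes an Ed25519 key pair as a stand-in for the qualified-certificate seal and an in-memory map as a stand-in for the S3/Glacier store; the sample receipt bytes are constructed. What it shows is the property that gives the archive its probative value: the seal binds the document digest to the sealing time, so an auditor holding only the public key can detect any later change to the document or to its timestamp.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// SealedReceipt is one archived record: the document bytes as received, the
// digest that was sealed, the seal over that digest, and the sealing time.
type SealedReceipt struct {
	Document []byte
	Digest   string
	Seal     []byte
	SealedAt time.Time
}

// Archive is a constructed in-memory stand-in for the object store. A real
// deployment writes to durable storage and keeps the sealing key at a trust
// service provider or in an HSM rather than in process memory.
type Archive struct {
	sealer  ed25519.PrivateKey
	records map[string]SealedReceipt
}

// NewArchive generates a fresh sealing key pair (assumption: Ed25519 stands in
// for the qualified-certificate seal) and returns the public key verifiers use.
func NewArchive() (*Archive, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Archive{sealer: priv, records: make(map[string]SealedReceipt)}, pub, nil
}

// digest returns the hex-encoded SHA-256 of the document bytes.
func digest(doc []byte) string {
	sum := sha256.Sum256(doc)
	return hex.EncodeToString(sum[:])
}

// sealInput binds the digest and the sealing time into the bytes that are
// signed, so neither the content nor the timestamp can be altered afterwards.
func sealInput(d string, at time.Time) []byte {
	return []byte(d + "|" + at.UTC().Format(time.RFC3339))
}

// Store seals the document and archives it under its digest, which it returns.
func (a *Archive) Store(doc []byte, at time.Time) string {
	d := digest(doc)
	a.records[d] = SealedReceipt{
		Document: append([]byte(nil), doc...), // private copy; the caller cannot mutate the record
		Digest:   d,
		Seal:     ed25519.Sign(a.sealer, sealInput(d, at)),
		SealedAt: at,
	}
	return d
}

// Get returns the archived record for a digest, if present.
func (a *Archive) Get(d string) (SealedReceipt, bool) {
	r, ok := a.records[d]
	return r, ok
}

// Verify is what an auditor runs years later: it re-derives the digest from the
// stored bytes and checks the seal with the public key, failing on any change
// to the document, the recorded digest or the sealing time.
func Verify(pub ed25519.PublicKey, r SealedReceipt) error {
	if digest(r.Document) != r.Digest {
		return errors.New("document bytes do not match the sealed digest")
	}
	if !ed25519.Verify(pub, sealInput(r.Digest, r.SealedAt), r.Seal) {
		return errors.New("seal does not verify for this digest and timestamp")
	}
	return nil
}

func main() {
	archive, pub, err := NewArchive()
	if err != nil {
		panic(err)
	}
	// Constructed sample: stands in for the PDF generated from an uploaded receipt.
	receipt := []byte("%PDF-1.4 constructed receipt: taxi, 14.50 EUR, 2024-03-01")
	id := archive.Store(receipt, time.Now())
	rec, _ := archive.Get(id)
	fmt.Println("archived", id[:12], "verify:", Verify(pub, rec))

	// Simulate an edit to the amount after sealing: verification must now fail.
	rec.Document = append([]byte(nil), receipt...)
	rec.Document[len(rec.Document)-1] = '9'
	fmt.Println("after tampering verify:", Verify(pub, rec))
}
```

The design point is that the seal covers the digest plus the timestamp rather than the raw bytes alone: this is what lets a verifier later prove both that the receipt is unchanged and that it existed at the recorded time, which is the "probative value" the archive is meant to provide.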