This website requires JavaScript.
Skip to content

Safety first.

Security is a priority at Spendesk - we value the integrity of your personal data as much as we do our own. We’re committed to protecting all your company spending with the highest security and privacy standards.

Security-Page Hero
Security at Spendesk

Security on the platform

Spendesk databases are encrypted and automatically backed up every day. We use firewalls, encrypt passwords, verify the payer for every transaction, and automatically log users out after their session. Our databases and servers are hosted and maintained by AWS (Amazon Web Services).

Our security measures follow standard practices that have been proven to be reliable and robust. These measures will constantly evolve in anticipation of future risks, and Spendesk will always work to keep your financial data secure. You can also control the authorization and authentication of employees' access to Spendesk with SAML SSO: employee access with a single sign-on portal (Microsoft Azure, onelogin, Okta).

Security-Page Fraud
Online payments security at Spendesk

Fraud detection algorithm

The Spendesk platform is equipped with a fraud detection algorithm that notifies account owners about any potential fraud or suspicious online payment activity in a weekly Security Report.

Security-Page Platform
Personal data security at Spendesk

Privacy Policy

Spendesk places the utmost importance on the security and integrity of the personal data entrusted to it. We take all necessary precautions to preserve data security and protect against any incident.

Read more
Security-Page Privacy

Labels & Regulations - Security Certifications

General Data Protection Regulation (GDPR)

We’ve strengthened our internal processes to ensure control over the processing of your personal information, including the ability to override cookie tracking and secure browsing in Spendesk.

On the recommendation of the CNIL for companies, Spendesk does not store your account password or your card numbers.

Read more

Payment Card Industry Data Security Standard (PCI DSS)

Spendesk’s partners are certified with the PCI Data Security Standard, an information security standard for organizations that handle branded credit cards from the major card providers. It increases controls around cardholder data to reduce credit card fraud.



SCA is a new European regulatory requirement to reduce fraud and make online payments more secure. The purpose is to strengthen the level of payment security and protect consumers by imposing strong authentication procedures for account access and payment transactions.

Under PSD2, strong authentication involves a verification at each account access and transaction level, using at least two of the following means: a password or code that only the user knows; a device (mobile phone or smart card) that only the user has; a personal characteristic of the customer (fingerprint, voice, or facial recognition).

Read more

3-D Secure

This protocol helps to reduce fraud and provide extra security for online payments. It ensures authentication by receiving a push notification and confirming the payment via biometric/security code directly on the Spendesk app, or sending you a text message with a unique code, only available for 5 minutes.

Read more

Working with the best in the business

We work with your bank and trusted banking providers to provide a seamless and secure spending solution.

Transact Payments Limited

Spendesk debit and prepaid cards and Spendesk accounts are issued by Transact Payments Limited (TPL) under license from Mastercard International Incorporated. TPL is licensed and regulated by the Gibraltar Financial Services Commission (GFSC) and the Malta Financial Services Authority (MFSA).

Security-Page TPL

Bnkbl Ltd

Bankable (Bnkbl Ltd) provides banking services to Spendesk along with PCI-DSS certified payment solutions. It lets our users and customers issue payments with certified and compliant means of payment.

Security-Page Bankable

SFPMEI (EUR accounts)

When loading your Spendesk account, we will open a payment account at SFPMEI, an eMoney institution licensed in Europe and approved and controlled by the ACPR: "l’Autorité de Contrôle Prudentiel et de Résolution." Your funds will be in an escrow account at Arkea Banking Services, a credit institution also regulated by the ACPR.

Security-Page SFPMEI


All EMEA Spendesk physical cards are issued by TPL under Mastercard license, making each transaction secure and directly connected to the Spendesk platform. The Mastercard cards are equipped with a microchip that provides protection against fraud worldwide. US cards are issued by Sutton Bank under Visa’s license.

Learn more
Security-Page Card-US

Achille Manbou, Financial Controller at We Are Social

Thanks to Spendesk virtual cards, our teams can quickly and easily pay for things online. And it's very secure, so that minimizes our risk of fraud.
Learn more

Communications agency, London, United Kingdom

we-are-social-office-design-1-700x504 we-are-social-office-design-1-700x504

Most frequently asked questions

View some of the most common questions and answers related to Spendesk security.

Where are the funds stored?

Spendesk is not a bank, therefore the funds are under your name and we cooperate with banking partners. When loading your Spendesk account, your funds will be in an escrow account at Arkea Banking Services, held by SFPMEI ("Société Financière du Porte-Monnaie Electronique Interbancaire"), a credit institution licensed in Europe and approved and controlled by the ACPR: "l’Autorité de Contrôle Prudentiel et de Résolution."

What is a safeguarded account?

Spendesk secures the third party funds collected by opening and maintaining safeguarded accounts in the books of a credit institution partner of the company. The safeguarded accounts allow a clear separation between third party funds (your funds/clients' funds) and Spendesk funds, so that third party funds are never misused.

How are my receipts stored?

Spendesk provides an archiving service with probative value on demand of the company and complies with the regulatory requirements, and uses a storage solution to ensure that these documents are kept for at least 10 years.

This process consists of:

  • Tracking receipts uploaded to Spendesk via mobile app, desktop app and email.

  • Generating a PDF file of the receipt.

  • Signing the PDF file with an electronic seal based on a qualified certificate.

  • Archiving the invoice on an ISO 27001 compliant server during the entire legal period.


  • The image is transmitted securely and uninterruptedly to the server (AWS S3).

  • The images obtained via HTTPS protocol will be automatically processed during the creation of the PDF file and the signing (Universign) of the PDFs.

  • The certification service (once the PDF is signed which concludes the uninterrupted process) stores the signed PDF files on the server (Amazon Glacier).

Want to know more?

Make the switch to smarter company spending today.