Our Engineering and InfoSec teams regularly train in several different areas including security best practices, cryptography, protections against common vulnerabilities, our software development lifecycle, and other topics relevant to the Dwolla Platform.
We share our information security knowledge with clients, partners, and professional organizations to support the security community.
Continuous internal and external testing helps our InfoSec team to stay ahead of the tactics adversaries are using to access sensitive information.
Encryption & Tokenization
We encrypt sensitive data at rest and in transit, and use token identifiers with no intrinsic value when referencing sensitive data elements.
Interested in more information about our security practices?Read the White Paper
We maintain a SOC 2 Type II report for our platform and a PCI DSS certification for our Push-to-Debit offering to assure our customers that we’re taking appropriate steps to protect systems and data.
Security Bottom to Top
We have layers of security that start with our partners—companies that take security as seriously as we do—weave into everything we do at Dwolla, and extend to reviewing the security practices of our clients.
Strong Access Controls
Using the OAuth 2 standard for API authentication and authorization, sensitive information is only available using a temporary and constantly changing token, protecting your data from adversaries.
Think you’ve found a security issue with a Dwolla system or application? Contact firstname.lastname@example.org to report it for validation and get an invite to our bug bounty program.