Nothing is more important than trust. We are constantly evolving our security solutions to earn—and keep—your trust.

We take protecting data seriously. Dwolla maintains compliance with the SOC 2 framework, which provides an independent, third-party assurance that we are taking the appropriate steps to protect our systems and your data.

Dwolla security phone image Kidfund app image

Data Protection

In an industry where trust is paramount, Dwolla’s sophisticated security practices offer solutions that give businesses confidence. That means managing and testing our controls until they meet our standards—and then doing it all again.

  • Data In Transit

    Using Transport Layer Security (TLS), we encrypt sensitive data that is actively moving between our platform and your application.
  • Data at Rest

    Using sophisticated security controls, we protect data on our servers and in our databases.
  • NSA Suite B Aligned Cryptography

    Dwolla aligns itself with some of the best-practice standards released by the NSA to protect our customers' financial data.


With data as precious as financial information, we need to make sure that only the right people have the right access. Using tokenization, sensitive information is only available using a temporary and constantly changing key (or token), protecting your data from adversaries.

Dwolla security tokenization practices

Expert Product Security

Dwolla’s accomplished security team helps protect what matters most.

Proven Practices

By staying up on current best practices, Dwolla consistently takes the necessary and appropriate steps to protect the platform and our customers' data.

Thoughtful Reliability

By partnering with AWS and Cloudflare and automating our security monitoring, Dwolla provides layers of reliable security.

Creating A Culture of Security

Dwolla’s InfoSec team helps protect the Dwolla Platform and our customers across the nation by recognizing that security is never done.

Ongoing Education

Our Engineering and InfoSec teams regularly train in several different areas including cryptography knowledge, OWASP Top 10 and other topics relevant to the Dwolla Platform.

Community Conscious

We share information security approaches locally and nationally to ensure Dwolla has a voice in shaping the security community.

Strategic Approach

Continual internal and external testing helps Dwolla’s InfoSec team identify and understand the tactics adversaries will use—and how best to stop them.

Third-party Testing

We are not satisfied with security solutions that are only secure in theory. We partner with third-party providers to test, attack and evaluate our security controls to confirm they work.
Information Security team at Dwolla
Looking to learn more about our security practices?
Read Our White Paper

If you have questions or concerns regarding security at Dwolla, please contact, or use our public PGP key here.

Meet Your Payment Partner

Get Started