Securing an ACH Payment API

Dwolla takes an iterative approach to managing risk and information security, focusing on protecting data and identities as businesses move money using Dwolla’s ACH API.

infosec white paper graphic

Research: Comparing ACH Fraud Rates to Cards

The ACH Network is secure for businesses. After examining U.S. payment fraud data from 2012-2016, a study by the Federal Reserve showed the total number of fraudulent ACH transactions decreased while fraudulent card activity grew in both volume and activity.

According to the report, ACH payments had the lowest fraud rate, by value, among the payment types with just 1.3% of fraudulent ACH transactions in 2015.

Read the Report
bank vs credit card graphic

Creating a Culture of Security & Data Protection

In an industry where trust is paramount, using sophisticated security practices gives businesses confidence that Dwolla is keeping their data secure. Dwolla’s Information Security team works with each of our clients to protect them, offering best practices to ensure private information stays private.

Ongoing Education

Our engineering and InfoSec teams regularly train in several different areas including cryptography knowledge, OWASP Top 10 and other topics relevant to the Dwolla Platform.

Community Conscious

We share information security approaches locally and nationally to help shape the security community.

Strategic Approach

Continual internal and external testing helps Dwolla’s InfoSec team identify and understand the tactics adversaries will use—and how to proactively stop them to keep data safe.

Third-party Testing

Solutions that are only secure in theory are not acceptable. We partner with third-party providers to test, attack and evaluate our security controls to confirm they work.
Interested in more information about our security practices?
Read the White Paper

Security is in our DNA

Don’t manage the complexities of payments alone. Let Dwolla’s accomplished security team protect what matters most.

Dwolla Security DNA Graphic

Proven Practices

We take protecting data seriously. Dwolla maintains a SOC 2 report, which provides independent, third-party attestation that we are taking the appropriate steps to protect our systems and your data.

Thoughtful Reliability

By partnering with AWS and Cloudflare—companies that take security as seriously as we do—and by taking a proactive stance to monitor for potential risks, Dwolla provides layers of reliable security.

Strong Access Controls

With data as precious as financial information, make sure only the right people have the right access. Using OAuth authentication and scoping, sensitive information is only available using a temporary and constantly changing key (or token), protecting your data from adversaries.

Think you’ve found a security issue with a Dwolla system or application? Contact to report it for validation and get an invite to our bug bounty program.

Meet Your Payment Partner

Learn the benefits of partnering with Dwolla to access the ACH Network for payments. Sign up today.
Sign Up