Archives For November 30, 1999

Expensify has a lot of users, a lot of different users.  We know that our users come have varying use cases when when it comes to credit cards. We’ve got you covered no matter your situation or credit card.

Safety First:

We use bank-level security to keep your sensitive financial data safe. We’re tested regularly to ensure our security measures are up to date, and even subscribe to daily probing by McAfee to make sure that we can defend against the latest hacker tactics.  Continue Reading…

I just read this article about how someone made a Firefox extension to steal sessions from popular websites. Are you kidding me? Security isn’t an easy thing, I’ll admit. And maybe we take security to the extreme. But seriously, it’s amazing how many other sites don’t even do the basics. When choosing any service that involves sensitive information, especially sensitive financial information, I’d suggest always looking for the following:

  • Make sure the address starts with https://. (Sometimes this is replaced with an icon of a little padlock.) This means it’s using the “secure” version of HTTP, which is the protocol that powers the web. Make sure it’s there from they very first page you load, and stays there as you browse the site. Sure, it’s a bit more expensive for the company. But it’s the least we can do.**
  • Look for PCI compliance. Or, if not that (because it’s pretty intense), at least *some* indication they’re using a third-party approved security framework.
  • Look for strong partnerships, such as banks and financial institutions. These guys take security really seriously, so if they’re on board, it’s another vote in the site’s favor.

Real security often isn’t easy. But most important things aren’t.


** Note: I should highlight that this blog doesn’t use HTTPS, but it’s also not asking you for anything. When you sign in to Expensify proper — at — every connection is secure.

Lions with Lightsabers

 —  August 19, 2009 — 6 Comments

At Expensify, we know security.