Archives For November 30, 1999

Expensify has a lot of users, a lot of different users. We know that our users have varying use cases when it comes to credit cards. We’ve got you covered no matter your situation or credit card.

Safety First:

We use bank-level security to keep your sensitive financial data safe. We’re tested regularly to ensure our security measures are up to date, and even subscribe to daily probing by McAfee to make sure that we can defend against the latest hacker tactics.

I just read this article about how someone made a Firefox extension to steal sessions from popular websites. Are you kidding me? Security isn’t an easy thing, I’ll admit. And maybe we take security to the extreme. But seriously, it’s amazing how many other sites don’t even do the basics. When choosing any service that involves sensitive information, especially sensitive financial information, I’d suggest always looking for the following:

  • Make sure the address starts with https://. (Sometimes this is replaced with an icon of a little padlock.) This means it’s using the “secure” version of HTTP, which is the protocol that powers the web. Make sure it’s there from the very first page you load, and stays there as you browse the site. Sure, it’s a bit more expensive for the company. But it’s the least we can do.**
  • Look for PCI compliance. Or, if not that (because it’s pretty intense), at least *some* indication they’re using a third-party approved security framework.
  • Look for strong partnerships, such as banks and financial institutions. These guys take security really seriously, so if they’re on board, it’s another vote in the site’s favor.

Real security often isn’t easy. But most important things aren’t.

-david

** Note: I should highlight that this blog doesn’t use HTTPS, but it’s also not asking you for anything. When you sign in to Expensify proper — at https://expensify.com — every connection is secure.

Lions with Lightsabers

 —  August 19, 2009 — 6 Comments

At Expensify, we know security.
