Security & Compliance

Your security and trust are our top priorities

Bank-Level Security

GiveBAC employs the same security standards used by major financial institutions to protect your data and transactions.

🔒 256-Bit Encryption

All data transmitted between your device and our servers is encrypted using TLS 1.3 with 256-bit encryption.

🏦 PCI DSS Level 1

We comply with Payment Card Industry Data Security Standard (PCI DSS) Level 1, the highest level of certification.

🔐 Data Tokenization

Card numbers are tokenized and never stored in plain text. We use Stripe's secure vault for card data.

🛡️ Multi-Factor Auth

Account access requires multi-factor authentication for enhanced security.

Fraud Prevention

Real-Time Monitoring

  • Transaction Alerts: Instant notifications for all card activity
  • Fraud Detection: AI-powered systems monitor for suspicious patterns
  • Velocity Checks: Automatic blocks on unusual transaction volumes
  • Location Verification: Flag transactions from unexpected locations
  • Merchant Validation: Verify legitimacy of merchants before authorization

Card Controls

You have complete control over your card:

  • Instant Freeze: Temporarily disable your card with one tap
  • Spending Limits: Set daily and monthly transaction limits
  • Merchant Categories: Block specific types of merchants
  • Geographic Controls: Restrict transactions to specific regions
  • Instant Cancellation: Permanently cancel your card anytime

Regulatory Compliance

✓ Financial Regulations

  • Bank Secrecy Act (BSA): Anti-money laundering compliance
  • KYC/AML Requirements: Identity verification for all users
  • OFAC Compliance: Sanctions screening and monitoring
  • Electronic Fund Transfer Act: Consumer protections for electronic payments
  • Regulation E: Error resolution and unauthorized transaction protections

✓ Data Privacy Regulations

  • GDPR: EU General Data Protection Regulation compliance
  • CCPA: California Consumer Privacy Act compliance
  • GLBA: Gramm-Leach-Bliley Act for financial privacy
  • SOC 2 Type II: Third-party security audit certification

Data Protection Measures

  • Data Encryption: At-rest encryption for all stored data (AES-256)
  • Secure Infrastructure: Cloud hosting with enterprise-grade security (AWS/Google Cloud)
  • Access Logging: All data access is logged and monitored
  • Employee Training: Regular security awareness training for all team members
  • Background Checks: All employees undergo thorough background screening
  • Incident Response: 24/7 security monitoring and rapid response team

Third-Party Security

Stripe Security

Card issuance and payment processing are handled by Stripe, a certified PCI Service Provider Level 1, the highest level of certification in the payments industry.

  • Stripe has never had a data breach
  • Used by millions of businesses worldwide including Amazon, Google, and Shopify
  • SOC 1 Type 2 and SOC 2 Type 2 certified
  • Regular third-party security audits and penetration testing

Your Security Best Practices

Protect Your Account:

  • Use a strong, unique password
  • Enable biometric authentication (Face ID/Touch ID)
  • Never share your login credentials or card information
  • Keep your app updated to the latest version
  • Review transactions regularly
  • Log out from shared devices
  • Be cautious of phishing emails or texts

Incident Reporting

If you suspect a security incident:

  1. Immediately freeze your card in the app
  2. Contact our security team: [email protected]
  3. Provide details of the suspected incident
  4. Change your password and enable additional security measures
  5. Monitor your account for unusual activity

Certifications and Audits

  • Annual PCI DSS compliance assessments
  • Quarterly vulnerability scans
  • Annual penetration testing by third-party security firms
  • Regular code security audits
  • SOC 2 Type II audit (in progress)

Questions or Concerns?

Security Team

Email: [email protected]

General Support: [email protected]

We take all security concerns seriously and will respond promptly.