Wave uses many layers of security testing. They test their systems internally and also regularly bring in third-party security firms to perform vulnerability assessments and penetration tests against our systems. In addition, Wave has a private bug bounty program through HackerOne. This means that Wave has security researchers from all over the globe testing the Wave app on an ongoing basis.
Passwords are encrypted when they’re collected, when they’re sent to Wave’s servers, and they never store them without encrypting them first. In fact, all communications between Wave apps and the servers are encrypted using Transport Layer Security (TLS) — the replacement for Secure Sockets Layer (SSL) — the highest level of security protocols available. Beyond that, Wave does not store any sensitive information, such as credit card numbers, on the device ever.
Wave built an internal risk system that uses a wide variety of tools and insights to protect you and your customers from fraud. They have integrated several third-party security and anti-fraud service providers to create a layered approach to risk detection, for the highest level of protection. Moreover, their team of risk analysts monitor high risk and out-of-pattern behavior to keep our platform safe.
Bank Access Security
Read-only security: The connection Wave makes with your financial institutions to import transactions is read-only.
For increased security, Wave employs industry-leading online banking services to manage bank account and password data. These third parties are trusted by some of the world’s biggest banks, including Bank of America, Citibank, and Wells Fargo.