• Bowery Solutions: Wave Security

In an effort to make the payment process as secure as possible payments are made though Wave – below are some of Wave’s security highlights.

Data Security
PCI-DSS Compliant: Wave is Level 1 PCI-DSS compliant. This means that every year wave has a third-party audit to validate our practices and make sure they are doing the right things for users (Bowery Solutions customers).

Secure Data Transmission
When you load a page in your browser, or upload something to Wave, all that information is encrypted while it’s moving over the internet. Wave locks up your data with up to 256-bit TLS encryption, the strength of protection you get with online banking and shopping. Wave also support a wide variety of cyphers — another kind of code — for their communications, to ensure the highest level of encryption possible, based on your browser.

Wave doesn’t store credit card numbers, ever. Credit card information is sent directly from the app or browser to their payments processor, and Wave receives a secure token back. This token is a code that authorizes Wave to complete the activity securely and efficiently, without storing or exposing your credit card information.

Secure Data Storage
Your accounting data is stored on servers that have strict physical access protocols, meaning there are rules in place limiting access to only the people who need it to do their jobs. The facilities are controlled with 24/7‬ monitoring, and the technology is digitally protected.

Security Testing‬
Wave uses many layers of security testing. They test their systems internally and also regularly bring in third-party security firms to perform vulnerability assessments and penetration tests against our systems. In addition, Wave has a private bug bounty program through HackerOne. This means that Wave has security researchers from all over the globe testing the Wave app on an ongoing basis.

Mobile Security
Passwords are encrypted when they’re collected, when they’re sent to Wave’s servers, and they never store them without encrypting them first. In fact, all communications between Wave apps and the servers are encrypted using Transport Layer Security (TLS) — the replacement for Secure Sockets Layer (SSL) — the highest level of security protocols available. Beyond that, Wave does not store any sensitive information, such as credit card numbers, on the device ever.

Fraud Prevention
Wave built an internal risk system that uses a wide variety of tools and insights to protect you and your customers from fraud. They have integrated several third-party security and anti-fraud service providers to create a layered approach to risk detection, for the highest level of protection. Moreover, their team of risk analysts monitor high risk and out-of-pattern behavior to keep our platform safe.

Bank Access Security
Read-only security: The connection Wave makes with your financial institutions to import transactions is read-only.

Password Protection
For increased security, Wave employs industry-leading online banking services to manage bank account and password data. These third parties are trusted by some of the world’s biggest banks, including Bank of America, Citibank, and Wells Fargo.

© 2020 Bowery Solutions