At Flutterwave, we pride ourselves in helping you make and receive payments from one country to another, from customer to business, business to vendor etc. We simplify payments for endless possibilities. In doing that, we also understand the importance of safety and security. We also understand how difficult it is to build trust and how easily it can come crumbling down like a pack of cards if care is not taken. As a result, we have invested heavily in innovating around trust and creating a sense of security across all our customer segments. Below are some of the ways we are ensuring your safety when you use our products:
IP Whitelist
When you whitelist an IP (Internet Protocol) address on your Flutterwave for Business account, it means that payouts (transfers from your account) can only be processed from that IP address. If for any reason, an IP address that’s not whitelisted attempts to transfer money from your account, it won’t be successful. This is a security feature by Flutterwave to further secure your account especially if you’ve got multiple admins of the same account. It means that having access to the account is not enough to send your funds to an account you didn’t authorize. We encourage you to enable this feature to enjoy extra security. You can learn more about this feature here and watch this video to activate it.
Determine Payout Source
On your Flutterwave for Business account, you can process payouts from your Dashboard, API or both. This feature allows you to select where you want to process payouts from. You can choose the Dashboard or API or both. With this feature, if only Dashboard is selected, all payouts from API will fail and vice-versa. If you haven’t activated this feature, learn how to do it here.
Multi-factor Authentication (MFA)
This secures your account from unauthorized access by ensuring that anyone trying to access your account provides more than one credential to prove their identity. When you try to log into your Flutterwave for Business account, after providing the email address and password, we will send you an OTP (One-Time Password) via your email address and phone number to ensure you are the one authorizing access. You can also use authenticator apps to authorise access. You can learn more about MFA in this detailed article we wrote about it. This adds an extra layer of trust to your account, and you can rest assured knowing that your account is protected wherever you are. Our MFA feature allows you to authorise both logins and payouts. We hope you start using this feature today, learn how here.
3D Secure (3DS)
3D Secure (3DS) is an industry authentication standard that makes it easy to process online card payments by enabling businesses and their payment providers to provide key transaction attributes that the card issuer can use to authenticate transactions more accurately without asking for a password. This innovation merges security and convenience with payments.
Flutterwave supports 3DS via our payment APIs and Checkout. This automatically allows merchants to apply 3DS to high-risk payments protecting merchants from fraudulent transactions. Flutterwave ensures 3DS is applied as long as the cardholder’s bank supports it. Read this blog post to learn more about 3D Secure.
Training and Education
Beyond technology, our people are our greatest asset. We continue to train & retrain our staff on data protection, information security and anti-money laundering initiatives to ensure they’re able to withstand any attack from bad actors. Fraudsters who cannot break through firewalls via brute force, seek out a softer way of compromising user accounts by compromising people. We ward off this attack by ensuring that our people are always in the know of the latest lines of attack, enough to defend themselves and our customers.
Periodic Audit By Global Consulting Firms
We understand that to build a security fortress, we need to work with top global security and audit firms to review our processes periodically. The last review and audit gave Flutterwave a green bill of health, and we pride ourselves in having standardized processes that protect our people, customers and systems. All of these are efforts to create trust in the payments ecosystem.
Certification and Standardisation
We continue to renew our security licenses and certifications; including our PCI-DSS security which is the highest level of security clearance for any company processing card transactions. In fact, we maintain standards that are higher than the recommended minimum for global operations. We operate in countries with slightly higher standards than is globally acceptable and we’ve been able to improve our standards that way. All of these are geared towards building trust with our customers and enabling them to grow their businesses.
Periodic Regulatory Audit
Part of the requirements of being a global payments company is that regulators have the obligation to review our processes periodically and even on the spot. This means that we have to keep operating at the highest standards of security and compliance, not just to pass regulatory reviews, but to protect our customers and deepen our relationships with them.
Security is key to all we do at Flutterwave and we continue to uphold this highest standard of safety across all our operations and products. We’ll keep innovating and investing in resources that ensure our products remain 100% safe and secure for all merchants and their customers.