Cardholders may find other articles in the Ramp overview section to be more applicable.
Overview
Confidentiality of personal information
Ramp takes the security of your personal data seriously. The information you share during the application process is kept confidential and secure. This data is essential for verifying your business and curbing fraudulent activities.
Safeguarding bank information
To connect your bank account, we partner with reputable vendors such as Teller and Finicity, ensuring top-notch security. Every piece of information is encrypted to protect your financial details.
Security protocols at Ramp
For a comprehensive overview of Ramp's security protocols, please visit our Security Portal. Below are key highlights of how we protect your information:
Multi-Factor Authentication (MFA)
Ramp uses automated systems to guard against unauthorized access and other suspicious requests. MFA is mandatory for all accounts and involves verification through a phone number. Users can also add extra authentication methods via their Ramp profile. [Learn more about MFA]
SAML SSO for account security
We support Single Sign-On (SSO) using trusted identity providers like Google or Okta with SAML technology for secure, streamlined access. [Learn more about SAML SSO]
Encryption measures
We use encryption in transit, such as HTTPS, to protect your data as it is transmitted. All stored data is also encrypted at rest using AES-256 or superior encryption standards. For especially sensitive data within databases, we apply in-field encryption where applicable.
Tokenization standards
To protect your card and CVV numbers, Ramp uses tokenization, a method of substituting sensitive data with non-sensitive equivalents.
Least privilege access and audit trails
We operate on a least-privilege principle, limiting data access to a minimal number of employees as necessary to assist you. Access to your data is logged and routinely monitored for auditing purposes.
Regular penetration testing
To identify potential vulnerabilities, Ramp conducts ongoing automated penetration testing along with manual business logic assessments at regular intervals.
Annual external audits
A reputable external auditing firm assesses Ramp annually to confirm our adherence to SOC 2 compliance standards, a benchmark for handling customer data. We also ensure our partners provide current SOC 2 reports.
WAF and DDoS Mitigation
Ramp utilizes cutting-edge firewall services to defend against DDoS attacks and unauthorized system intrusions. Additional precautions include blocking certain geographies and implementing rate-limiting to fend off brute-force attacks.
Collaboration with trustworthy third parties
For services that involve third parties, like bank account linking, we only collaborate with partners (Finicity and Teller) who align with our stringent security protocols. Comprehensive contracts are in place, vetted by our legal team, and endorsed by our security experts.
PCI DSS compliance
In scenarios where Ramp interacts with cardholder data, we comply with Payment Card Industry Data Security Standards (PCI DSS) to meet safety and security expectations.
Avoiding scams
Recognize phishing attempts
Ramp representatives will never request your password, card details, or verification codes. Scammers might pose as Ramp employees or your finance team to extract sensitive data. Learn to spot and handle phishing in your business. [Learn about phishing protection]
Report suspicious requests
Should you encounter any suspicious requests for sensitive information by someone claiming to be from Ramp, please report it directly to our support team. Log into your account and click the "Help" button in the sidebar's lower-left corner.
Understand fraud defenses
To understand how Ramp safeguards against fraudulent activities, please explore our defenses against fraud. [Learn about Ramp's fraud defenses]
By adopting these rigorous measures, Ramp ensures the safety and privacy of your business's financial operations.