Note: This article primarily applies to Ramp Administrators.
Cardholders may find other articles in the Ramp overview section to be more applicable.
Cardholders may find other articles in the Ramp overview section to be more applicable.
Overview
For a comprehensive overview of Ramp's security program, you can visit our Security Trust Center. Below are key highlights of how we protect your information:
Accessing Ramp
Ramp supports several authentication and account provisioning capabilities, for example:
- Single Sign-On (SSO) using trusted identity providers (e.g., Okta, Google, etc.) with multi-factor authentication (MFA) required to verify your account.
- SCIM provisioning by connecting your identity provider to automatically create, update, and terminate user accounts within the Ramp application directly from your provider (e.g., Okta), reducing manual effort and potential errors.
- Ability to assign user roles based on an individual’s responsibilities within your organization, limiting data access to only what’s required and enabling separation controls (e.g., approvals) over transaction activities.
- The Ramp app supports passkey logins, offering a more secure and seamless authentication experience. Unlike traditional passwords, passkeys are phishing-resistant and inherently strong.
Platform Features
- Login History: Available 30-day login history to enable security monitoring or troubleshooting.
- Security Notifications: Designate an IT & Security Contact to receive notifications regarding your account’s security and login configuration.
- Encryption: We follow industry standard methods to encrypt your data and keep your data safe while it's being sent and stored, preserving the integrity and reliability of your information against any tampering or alteration.
- Tokenization: We use tokenization technology that hides your credit card information (e.g., card number, CVV, etc). This means we swap out your sensitive information with safe substitutes, so your confidential details stay protected.
- Phishing Protection: Our Chrome extension blocks users from known phishing pages and automatically reports potential phishing sites to Ramp's Security team.
- Fraud Protection: We implement various Fraud Protection Measures, like account verification and card controls, to monitor and safeguard customer accounts from unauthorized access and fraudulent transactions.
- New Sign-In Notifications: Ramp's detection system automatically alerts you whenever a new sign-in is detected from an unrecognized device, helping you stay informed and secure.
Secure Operations
- Vetted Third Parties: We collaborate with partners and subprocessors who are vetted by our legal and security teams, making sure they meet industry standards of reliability, security, and compliance.
- Corporate Security: We have a comprehensive corporate security program to enhance Ramp’s resilience against potential threats and minimize the risk of disruption.
- Security Compliance: Ramp undergoes annual ISO 27001, SOC 1, SOC 2, and PCI audits to get external validation that our security program is aligned with industry standards.
- Privacy Measures: Ramp's Privacy Policy defines our approach to how we collect, use, and share information about you as well as your rights and choices regarding your data.
We recognize that security and privacy are fundamental to our customers’ trust, and we’re committed to maintaining a secure environment for handling your financial operations.
If you suspect a security incident or need to forward suspicious emails, you can contact abuse@ramp.com. If there is activity on your account that you don’t recognize, contact Ramp Support.