Divvy product updates:

Making Divvy even more secure

Divvy takes a preventative and proactive approach when it comes to security and fraud. That’s why we’re constantly researching fraud trends and staying up to date on the latest security advancements. Below, we talk about recent updates we’ve added to continue to put security first and share best practices when it comes to managing expenses with Divvy’s platform. Check it out.

Recent product security updates

Once Divvy has been connected to Slack, simple, easy-to-use Slack commands allow you and your employees to quickly request additional Divvy funds straight from within Slack. These requests are sent to the necessary approvers in both Slack and in the Divvy web and mobile apps.

3D Secure
We just added 3-D Secure to our toolbox to help protect our customers from fraud. 3-D Secure provides issuers and merchants a way to distinguish good transactions from bad transactions. It was created to prevent fraud and keep digital transactions and their authentication fast and secure for both merchants and consumers.

To learn more about 3-D Secure, check out our 3-D Secure Overview in our help center.*

Device and Browser verification
We implemented a new device verification method in the login flow for our web and mobile app to make Divvy more secure. Users will now be asked to verify the device they are using to log in via email verification. (Users will have the option to have Divvy remember their device from that point on so they won’t have to verify their device each time they log in.)
To learn more, view this help article on device verification.

Compromised Login
We partnered with a third party verification system to make sure your credentials haven’t been compromised on another app or site outside of Divvy. If we detect your password may be compromised, we’ll warn you the first time we detect a compromised password. If this warning is dismissed, you’ll be required to reset your password the next time you log in. Learn more about this added security measure here.

Apple and Google Pay email verification*
Apple Pay and Google Pay are designed with your security and privacy in mind, making it a simpler and more secure way to pay than using your physical credit, debit, and prepaid cards. Apple Pay uses security features built-in to the hardware and software of your device to help protect your transactions. Apple Pay and Google Pay don’t share your actual card number, so your information stays secure. You can even add virtual Divvy cards to your Apple Pay or Google Pay accounts.
Before your card works on Apple Pay or Google Pay, you will receive an email to verify that you are ok with your Divvy card being used with those services. Interested in getting Apple or Google Pay set up? Watch this video.

Dispute tags
After a transaction has been disputed, the new “Disputed” status tags will show exactly which transaction was disputed in your transaction tab. You also won’t have to guess if a credit or subsequent debit is related to your dispute because with the new “Dispute Update” tag will let you know.

Account summary changes email
If any changes are made to your account, you’ll now receive a confirmation email with a summary of those changes to make sure the changes were made by the correct admin and/or user and updated as intended.

More on what we do

We do a lot at Divvy to ensure the platform’s security, but here are a few things we want to highlight.

  • We have multiple teams of dedicated and experienced fraud experts that actively monitor the platform for suspicious activity.
  • Divvy leverages multiple advanced third-party platforms to monitor all transactions in real time to prevent fraud incidents and protect your business.
  • We provide advanced alerts and fraud reporting for all customers to make sure that any suspicious activity is stopped in its tracks.
  • Our cards are secured through randomization during creation and have additional controls through our software that other traditional credit cards don’t, including card limits, customizable expiration dates, associated budgets, and flexible approval processes.

Best practices checklist

On top of all of Divvy’s security features, there are also recommendations on best practices we share with our customers.

  • Use one virtual card per vendor where possible. Similar to best practices of not re-using a single password, this helps isolate/mitigate potential fraud exposure
  • Customize your expiration dates to be shorter for virtual cards created for one-time purchases
  • Leverage Divvy’s budget and card limits to ensure employees can only spend what they need. Divvy’s unique budgets and card limits also help reduce the size of potential losses in the rare situation of a fraud attack.
  • Make sure that you’re always logging in to Divvy’s official website. Fraudsters try to spoof a website with a fake url that looks like Divvy but isn’t to steal your login credentials. Always be careful not to log in to fake websites, or click unknown links in your emails asking for your Divvy username and password.
  • If something feels fishy, reach out directly to divvy support rather than providing your login credentials to a fraudster.

Want to know more about general security practices at Divvy? Check out our security page.

*3D Secure and Apple and Google Pay are only available for companies using Divvy’s Visa® Business cards. Not all customers are eligible for Divvy Visa® Business cards at this time, but if you’d like to know if you qualify, please visit getdivvy.com/credit/visa/ to join the waitlist and our team will be in touch!

Card issued by Cross River Bank, Member FDIC