Stay secure with advanced protection from Brex.
Discover all the ways that Brex protects your data and keeps your enterprise safe.
Stay secure with advanced protection from Brex.
Discover all the ways that Brex protects your data and keeps your enterprise safe.
How Brex protects you
Account security
We ensure secure browsing and authentication with encryption, idle lockouts, 2FA, and more.
24/7 fraud protection
Spend with confidence thanks to Brex's advanced fraud monitoring, industry-leading AI technology, and 24/7 support.
Fraud prevention
Brex can prevent fraud before it happens by ensuring that only authorized users can access accounts and make changes.
Have concerns? If you suspect unauthorized activity or illegitimate communications related to your Brex account, please call the number on the back of your card or chat with Brex Support via your Brex dashboard or mobile app.
Account security
Encryption
Our website uses industry-standard encryption to ensure protected transmission of data (HTTPS): AES-256 bit or better for RDS and S3 data encryption for data at rest and TLS 1.2 or better for transit.Idle lockouts
Brex forces automatic signouts after inactivity to prevent unsanctioned access or use of the user’s account.Security policy
Brex enforces a strict content security policy and iFrame protection to mitigate the threat of attacks such as ClickJacking.
Authentication
Secure ID and password
Brex enforces strong password requirements and supports mobile biometric authentication (Face ID/Touch ID).Activity confirmation
Brex leverages both automated and manual review mechanisms to confirm account changes such as password resets.Device and ID verification
We require a one-time authorization for each browser on every device you use to sign in to Brex, as well as two-factor authentication to further protect your Brex account.Single Sign-On (SSO) integration
Brex Empower's SSO feature enables a secure — yet seamless — login experience through Okta, Microsoft, Google Workspace, and other identity providers (IdPs) that support OIDC or SAML.
Security at Brex
Security by design
Security testing and code review — as well as mature logging, monitoring, alerting capabilities — are built into our engineering workflows, including the software development lifecycle.
Application security
Brex has a dedicated internal team of security engineers focused on the technical security of our web and mobile applications. We conduct ongoing penetration tests to proactively prevent weaknesses.
Incident response
Brex follows an established procedure for responding appropriately to potential incidents. All suspected incidents are managed by our Security team with mature logging, monitoring, and alerting capabilities.
Built from scratch
Our experienced engineers built the critical components of our financial product in house to be in control. This allows us to easily make upgrades, patch systems, and continuously iterate on security.
Regulatory compliance
In addition to being SOC 1 Type II, SOC 2 Type II, and PCI-DSS compliant, Brex also fulfills requirements from FINRA, IT General Controls, NY Department of Financial Services, and more. Beyond those baseline requirements, Brex safeguards customer data with enhanced controls to ensure best-in-class protection.
How can I protect myself?
Responsible disclosure
If you believe you have discovered a vulnerability in our systems or applications, we request that you disclose it to us via our responsible disclosure form.
Trust at Brex
Brex is audited by major external auditing firms and regulators to ensure we exceed industry standard practices for security and technology governance. We are SOC 1 Type II, SOC 2 Type II, and PCI-DSS certified and fulfill compliance requirements from FINRA, IT General Controls, NY Department of Financial Services, and many others.
Visit our Trust Portal for more details and documentation related to our practices, policies, and programs.