Stay secure with Brex
Need help? If you suspect unauthorized activity or notice illegitimate communications related to your Brex account, please call the number on the back of your card or sign in to your dashboard to chat with Brex Support.
How Brex protects you
Spend with confidence thanks to Brex’s advanced fraud monitoring, protection, and prevention.
Our priority is keeping your account safe with features that facilitate secure browsing, authorization, and authentication.
Brex works with PCI DSS-certified partners to safeguard your payment information to provide you with the best level of service.
Automation and manual review
Data modeling helps prevent fraud by ensuring that only authorized users can access accounts and make changes.
Our website uses industry-standard encryption to ensure protected transmission of data (HTTPS): AES-256 bit or better for RDS and S3 data encryption for data at rest and TLS 1.2 or better for transit.
Brex forces automatic signouts after inactivity to prevent unsanctioned access or use of the user’s account.
Brex enforces a strict content security policy and iFrame protection to mitigate the threat of attacks such as ClickJacking.
Secure ID and password
Brex enforces strong password requirements and supports mobile biometric authentication (Face ID/Touch ID).
Brex leverages both automated and manual review mechanisms to confirm account changes such as password resets.
Upon account creation, Brex customers are required to set up two-factor authentication so that even knowing a user's password is not enough to compromise their account.
We require a one-time authorization for each browser on every device you use to sign in to Brex, which ensures that only your approved devices and IP addresses can access your Brex account.
Brex corporate security
Brex has a team of risk-minded information security professionals and experienced software engineers that are constantly building innovative and tailor-made features, services, and tools to protect customers.
Security by design
Security testing and code review– as well as mature logging, monitoring, alerting capabilities– are built into our engineering workflows, including the software development lifecycle.
Brex has a dedicated internal team of ethical hackers focused on the technical security of our web and mobile applications. We conduct ongoing penetration tests to proactively prevent weaknesses.
Brex follows an established procedure for responding appropriately to potential incidents. All suspected incidents are managed by our Detection and Response team, which is all supported by logging, monitoring, and alerting capabilities.
Rather than relying on outdated, legacy systems with known and easily exploitable vulnerabilities, we built and control the foundation of our technology.
Regulatory and standards compliance
Brex is SOC 2 Type II compliant and Brex Cash is regulated by FINRA.