Security | Brex
Open an account

Stay secure with Brex

Need help? If you suspect unauthorized activity or notice illegitimate communications related to your Brex account, please call the number on the back of your card or sign in to your dashboard to chat with Brex Support.

Security Page_Hero Asset

How Brex protects you

Fraud protection

Spend with confidence thanks to Brex’s advanced fraud monitoring, protection, and prevention.

Account security

Our priority is keeping your account safe with features that facilitate secure browsing, authorization, and authentication.

Data privacy

Protecting your privacy is core to how we’ve built Brex. We manage where and how we store your data, and do not include customer data in development or test environments. Read our Privacy Policy.

Privacy Policy->

Trusted partners

Brex works with PCI DSS-certified partners to safeguard your payment information to provide you with the best level of service.

Automation and manual review

Data modeling helps prevent fraud by ensuring that only authorized users can access accounts and make changes.

Account security

Secure browsing

Encryption

Our website uses industry-standard encryption to ensure protected transmission of data (HTTPS): AES-256 bit or better for RDS and S3 data encryption for data at rest and TLS 1.2 or better for transit.

Idle lockouts

Brex forces automatic signouts after inactivity to prevent unsanctioned access or use of the user’s account.

Security policy

Brex enforces a strict content security policy and iFrame protection to mitigate the threat of attacks such as ClickJacking.

Authentication

Secure ID and password

Brex enforces strong password requirements and supports mobile biometric authentication (Face ID/Touch ID).

Activity confirmation

Brex leverages both automated and manual review mechanisms to confirm account changes such as password resets.

Identity verification

Upon account creation, Brex customers are required to set up two-factor authentication so that even knowing a user's password is not enough to compromise their account.

Device verification

We require a one-time authorization for each browser on every device you use to sign in to Brex, which ensures that only your approved devices and IP addresses can access your Brex account.

Brex corporate security

Product security

Brex has a team of risk-minded information security professionals and experienced software engineers that are constantly building innovative and tailor-made features, services, and tools to protect customers.

Security by design

Security testing and code review– as well as mature logging, monitoring, alerting capabilities– are built into our engineering workflows, including the software development lifecycle.

Application security

Brex has a dedicated internal team of ethical hackers focused on the technical security of our web and mobile applications. We conduct ongoing penetration tests to proactively prevent weaknesses.

Incident response

Brex follows an established procedure for responding appropriately to potential incidents. All suspected incidents are managed by our Detection and Response team, which is all supported by logging, monitoring, and alerting capabilities.

Built-from-scratch

Rather than relying on outdated, legacy systems with known and easily exploitable vulnerabilities, we built and control the foundation of our technology.

Regulatory and standards compliance

Brex is SOC 2 Type II compliant and Brex Cash is regulated by FINRA.

How can I protect myself?

Protect your passwords

Choose strong, unique passwords and change them from time to time. This can prevent fraudsters from gaining access to your online Brex account or linked email accounts, and helps prevent ID theft.

Be vigilant about suspicious requests

Brex will never ask you to divulge your personal information by email or text. Please do not click any unsolicited links or open any attachments. Contact Brex Support if you’re unsure about the legitimacy of a request.

Review your credit report

To protect against identity theft, check your credit report at a regular cadence to verify all actions were intended.

Monitor your transactions

Regularly review your transaction history to ensure all payments are expected and legitimate. If you suspect that someone has gained unauthorized access to your account, please change your Brex password immediately and contact Brex Support.

Keep contact information updated

Make sure your email and phone number are always up to date so that we can reach you immediately if we detect any suspicious activity.

Update your devices

Updates often include the latest security features to protect your device.

Stay aware of scams

Fraudsters try to gain access to sensitive information like credit card numbers by posing as reputable sources. Avoid this by navigating directly to brex.com. If you encounter a scam such as a fake Brex website or ad, please report it to Brex Support immediately.

Brex Support->

Responsible disclosure

If you believe you have discovered a vulnerability in our systems or applications, we request that you disclose it to us via our responsible disclosures form.

Open form
Open an account

Stay secure with Brex

Need help? If you suspect unauthorized activity or notice illegitimate communications related to your Brex account, please call the number on the back of your card or sign in to your dashboard to chat with Brex Support.

Security Page_Hero Asset

How Brex protects you

Fraud protection

Spend with confidence thanks to Brex’s advanced fraud monitoring, protection, and prevention.

Account security

Our priority is keeping your account safe with features that facilitate secure browsing, authorization, and authentication.

Data privacy

Protecting your privacy is core to how we’ve built Brex. We manage where and how we store your data, and do not include customer data in development or test environments. Read our Privacy Policy.

Privacy Policy->

Trusted partners

Brex works with PCI DSS-certified partners to safeguard your payment information to provide you with the best level of service.

Automation and manual review

Data modeling helps prevent fraud by ensuring that only authorized users can access accounts and make changes.

Account security

Secure browsing

Encryption

Our website uses industry-standard encryption to ensure protected transmission of data (HTTPS): AES-256 bit or better for RDS and S3 data encryption for data at rest and TLS 1.2 or better for transit.

Idle lockouts

Brex forces automatic signouts after inactivity to prevent unsanctioned access or use of the user’s account.

Security policy

Brex enforces a strict content security policy and iFrame protection to mitigate the threat of attacks such as ClickJacking.

Authentication

Secure ID and password

Brex enforces strong password requirements and supports mobile biometric authentication (Face ID/Touch ID).

Activity confirmation

Brex leverages both automated and manual review mechanisms to confirm account changes such as password resets.

Identity verification

Upon account creation, Brex customers are required to set up two-factor authentication so that even knowing a user's password is not enough to compromise their account.

Device verification

We require a one-time authorization for each browser on every device you use to sign in to Brex, which ensures that only your approved devices and IP addresses can access your Brex account.

Brex corporate security

Product security

Brex has a team of risk-minded information security professionals and experienced software engineers that are constantly building innovative and tailor-made features, services, and tools to protect customers.

Security by design

Security testing and code review– as well as mature logging, monitoring, alerting capabilities– are built into our engineering workflows, including the software development lifecycle.

Application security

Brex has a dedicated internal team of ethical hackers focused on the technical security of our web and mobile applications. We conduct ongoing penetration tests to proactively prevent weaknesses.

Incident response

Brex follows an established procedure for responding appropriately to potential incidents. All suspected incidents are managed by our Detection and Response team, which is all supported by logging, monitoring, and alerting capabilities.

Built-from-scratch

Rather than relying on outdated, legacy systems with known and easily exploitable vulnerabilities, we built and control the foundation of our technology.

Regulatory and standards compliance

Brex is SOC 2 Type II compliant and Brex Cash is regulated by FINRA.

How can I protect myself?

Protect your passwords

Choose strong, unique passwords and change them from time to time. This can prevent fraudsters from gaining access to your online Brex account or linked email accounts, and helps prevent ID theft.

Be vigilant about suspicious requests

Brex will never ask you to divulge your personal information by email or text. Please do not click any unsolicited links or open any attachments. Contact Brex Support if you’re unsure about the legitimacy of a request.

Review your credit report

To protect against identity theft, check your credit report at a regular cadence to verify all actions were intended.

Monitor your transactions

Regularly review your transaction history to ensure all payments are expected and legitimate. If you suspect that someone has gained unauthorized access to your account, please change your Brex password immediately and contact Brex Support.

Keep contact information updated

Make sure your email and phone number are always up to date so that we can reach you immediately if we detect any suspicious activity.

Update your devices

Updates often include the latest security features to protect your device.

Stay aware of scams

Fraudsters try to gain access to sensitive information like credit card numbers by posing as reputable sources. Avoid this by navigating directly to brex.com. If you encounter a scam such as a fake Brex website or ad, please report it to Brex Support immediately.

Brex Support->

Responsible disclosure

If you believe you have discovered a vulnerability in our systems or applications, we request that you disclose it to us via our responsible disclosures form.

Open form

Stay secure with Brex

Need help? If you suspect unauthorized activity or notice illegitimate communications related to your Brex account, please call the number on the back of your card or sign in to your dashboard to chat with Brex Support.

Security Page_Hero Asset

How Brex protects you

Fraud protection

Spend with confidence thanks to Brex’s advanced fraud monitoring, protection, and prevention.

Account security

Our priority is keeping your account safe with features that facilitate secure browsing, authorization, and authentication.

Data privacy

Protecting your privacy is core to how we’ve built Brex. We manage where and how we store your data, and do not include customer data in development or test environments. Read our Privacy Policy.

Privacy Policy->

Trusted partners

Brex works with PCI DSS-certified partners to safeguard your payment information to provide you with the best level of service.

Automation and manual review

Data modeling helps prevent fraud by ensuring that only authorized users can access accounts and make changes.

Account security

Secure browsing

Encryption

Our website uses industry-standard encryption to ensure protected transmission of data (HTTPS): AES-256 bit or better for RDS and S3 data encryption for data at rest and TLS 1.2 or better for transit.

Idle lockouts

Brex forces automatic signouts after inactivity to prevent unsanctioned access or use of the user’s account.

Security policy

Brex enforces a strict content security policy and iFrame protection to mitigate the threat of attacks such as ClickJacking.

Authentication

Secure ID and password

Brex enforces strong password requirements and supports mobile biometric authentication (Face ID/Touch ID).

Activity confirmation

Brex leverages both automated and manual review mechanisms to confirm account changes such as password resets.

Identity verification

Upon account creation, Brex customers are required to set up two-factor authentication so that even knowing a user's password is not enough to compromise their account.

Device verification

We require a one-time authorization for each browser on every device you use to sign in to Brex, which ensures that only your approved devices and IP addresses can access your Brex account.

Brex corporate security

Product security

Brex has a team of risk-minded information security professionals and experienced software engineers that are constantly building innovative and tailor-made features, services, and tools to protect customers.

Security by design

Security testing and code review– as well as mature logging, monitoring, alerting capabilities– are built into our engineering workflows, including the software development lifecycle.

Application security

Brex has a dedicated internal team of ethical hackers focused on the technical security of our web and mobile applications. We conduct ongoing penetration tests to proactively prevent weaknesses.

Incident response

Brex follows an established procedure for responding appropriately to potential incidents. All suspected incidents are managed by our Detection and Response team, which is all supported by logging, monitoring, and alerting capabilities.

Built-from-scratch

Rather than relying on outdated, legacy systems with known and easily exploitable vulnerabilities, we built and control the foundation of our technology.

Regulatory and standards compliance

Brex is SOC 2 Type II compliant and Brex Cash is regulated by FINRA.

How can I protect myself?

Protect your passwords

Choose strong, unique passwords and change them from time to time. This can prevent fraudsters from gaining access to your online Brex account or linked email accounts, and helps prevent ID theft.

Be vigilant about suspicious requests

Brex will never ask you to divulge your personal information by email or text. Please do not click any unsolicited links or open any attachments. Contact Brex Support if you’re unsure about the legitimacy of a request.

Review your credit report

To protect against identity theft, check your credit report at a regular cadence to verify all actions were intended.

Monitor your transactions

Regularly review your transaction history to ensure all payments are expected and legitimate. If you suspect that someone has gained unauthorized access to your account, please change your Brex password immediately and contact Brex Support.

Keep contact information updated

Make sure your email and phone number are always up to date so that we can reach you immediately if we detect any suspicious activity.

Update your devices

Updates often include the latest security features to protect your device.

Stay aware of scams

Fraudsters try to gain access to sensitive information like credit card numbers by posing as reputable sources. Avoid this by navigating directly to brex.com. If you encounter a scam such as a fake Brex website or ad, please report it to Brex Support immediately.

Brex Support->

Responsible disclosure

If you believe you have discovered a vulnerability in our systems or applications, we request that you disclose it to us via our responsible disclosures form.

Open form