Our mission at TransferWise is to give you cheap, convenient, and instant money transfers. At the heart of this is trust and transparency — you should trust us to keep your money safe. And you should know exactly how we’re doing that.
Account and Data Security
We use the latest Transport Layer Security to encrypt your data in transit, and we encrypt data at rest. We run regular vulnerability scans and use independent auditors for Internal and External Penetration Tests and other Security Scans. Our Security Operations Team constantly monitors for anomalies and account takeover attempts, and keeps up with the latest attack vectors to keep your data and money safe. Logging in with just a password is not safe, so we enforce 2 Factor Authentication on our Borderless accounts and recommend that you always use it.
We send you emails only from transferwise.com addresses and we have set up DMARC reject mode to make it hard for criminals to send phishing emails from our domain.
TransferWise provides services from ISO27001 and PCI DSS compliant AWS datacenters. We protect our servers from attacks and abuse:
- We use Cloudflare for DDoS protection and Web Application Firewall
- We harden our servers with additional security measures, like making sure restrictive firewalls are configured and login is only allowed in a secure manner
- Access to our servers is tightly controlled and we keep audit logs of all issued commands
- We regularly patch and update the software we run. We do periodic scans to find out-of-date software.
Trust and compliance
We are regulated by the FCA, registered with regulators in different countries across the world, and have state licenses in the US. We are constantly audited by independent finance and IT auditors. We are SOC 1 type 2, SOC 2 type 2 and PCI DSS certified, GDPR compliant, and we follow ISO27001. Our customers rate us 5/5 on trustpilot.com.
How you can help
Keeping your account secure is a shared responsibility. Here’s what you can do to increase the security of your account.
- Use 2 Factor Authentication. This requires your password and phone verification before we log you in. It means a small extra effort on your part, but really helps to protect your money. We recommend our app-based confirmation method rather than SMS, because the app is more convenient and more secure.
- Keep an eye out for phishing. You might receive an email or phone call from someone claiming to be TransferWise. Double-check their identity before providing any sensitive information. For emails, verify that the sender’s domain is @transferwise.com. Malicious emails will usually come from very similar domains, like transferwise-payments.com, translerwise.com or transferwise.bank – none of those is us. All links in our emails that require you to enter account details will always link to transferwise.com. We will not ask for your password anywhere except transferwise.com.
- Use a strong unique password. Most online identities are tied to knowing a set of secret characters – your password. Whoever knows or guesses it is identified as you. Computers have become really good at guessing easy passwords, and data breaches from other platforms make reusing the same password on multiple sites a bad idea. For this reason, it is important to use a long and unique password. We know that the current password system is broken and that creating strong, unique and memorable passwords is hard. The solution? Using a password manager. Two of the most popular ones are LastPass and 1Password. With a password manager, your password can be 16 characters of random letters that you are not required to remember.
We also support responsible disclosure reporting for vulnerabilities.