Trust at Float
Float is built from the ground-up with financial control at the centre of everything we do.
TRUSTED BY 7,000+ COMPANIES
.png)
Data and fraud protection
Float is SOC 2 Type 2 and PCI-DSS compliant and committed to the highest level of security and industry standards.
End-to-end data encryption
Float uses advanced security measures that ensure the confidentiality, integrity, and protection of all sensitive data including TLS 1.2 or higher encryption of sensitive data, penetration testing, and vulnerability assessments.
Zero fraud liability protection
Float has you covered so you’re not responsible for fraudulent transactions. Plus, our intelligent software can detect fraud patterns and identify inconsistent behaviour so you’re notified immediately.
Effortless dispute resolution
If you’re the victim of fraud, you can get funds back in as little as 3 business days. You can easily submit a dispute directly in-app and our team will work with you to resolve disputes and ensure your cards are protected.
Reliability you can count on
Float maintains high availability across all services. Our infrastructure is built on AWS with redundancy designed to keep your business running, including real-time transaction processing and 24/7 monitoring.
Product security
Float’s smart corporate cards are powered by intelligent spend management software that give your team control over who spends what and real-time visibility into transactions.
Stay in control with real-time visibility and the ability to freeze or cancel cards at any time.
Payment security
Float is PCI-DSS certified, meaning we abide by the highest standard of security in the storage, processing, and transmission of cardholder data.
With advanced fraud detection and prevention protocols, 24/7 fraud monitoring, and 3D Secure, you can rest easy knowing your company spending is with Float.
User Management
Float keeps your accounts safe with multi-factor authentication and SAML single sign-on.
With dynamic approver roles and HRIS integrations, you can easily manage the employee lifecycle and ensure only authorized users have access to Float.
Banking partners
Float works with established financial institutions to deliver secure, reliable services:
- Visa — CAD corporate card network
- Mastercard — USD corporate card network
- CDIC — Funds held at one or more Canadian financial institutions that are members of the Canada Deposit Insurance Corporation (“CDIC”) and are eligible for CDIC deposit insurance, subject to applicable coverage limits
Float security framework
Security is one of the most important things we do. Here’s our framework to comply with industry standard controls and ensure the highest level of security.
Least privilege
Access to organizational resources and information should be granted on a need-to-know basis.
Defense-in-depth
Organizational security is layered to provide multiple levels of protection.
Risk management
Organizational security is based on an assessment of the potential risks and threats faced by Float.
Compliance
Float complies with all applicable laws, regulations and industry standards related to security.
Compliance and certifications
Float abides by the highest standard of security in the storage, processing, and transmission of cardholder data.
We worked with a Qualified Security Assessor to confirm that we comply with the requirements under PCI-DSS and receive our PCI-DSS SAQ D Report & Attestation of Compliance (AOC).
Float implements encryption, access control and monitoring to mitigate risks of digital storage not actively being processed or transmitted.
Float uses TLS 1.2 or higher encryption to transmit data. Server TLS keys and certificates are managed through AWS.
Float completes annual penetration testing with an external audit firm specializing in security controls assessment
Float undergoes vulnerability scanning at key stages to actively monitor threats, including network vulnerability scanning on a period basis, malicious dependency scanning to prevent the introduction of malware and Intrusion Detection & Prevention.
Float successfully completed the AICPA Service Organization Control
(SOC) 2 Type 2 audit. The audit confirms that Float’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.
You can request a copy of our SOC 2 Report at our Trust Centre.
Float uses Okta to secure our identity and access management. Float employees are granted access to applications based on their role. Access must be approved according to the policies set for each application.
We have implemented firewalls to protect our systems from unauthorized access. Our firewalls are regularly updated to ensure they are up-to-date and provide the highest level of protection.
Our systems are updated regularly with the latest security patches to ensure that any vulnerabilities are addressed promptly.
Float uses a risk management approach to vendor security. Vendors are reviewed and evaluated regularly based on access to customer and corporate information, integration with production environments, and reputational damage. All vendors that we engage with have completed an information security assessment in accordance with our TPRM guidelines.
Explore our trust centre
Access SOC 2 & PCI reports and learn more about our compliance and security controls.
Float is always open to feedback, questions and suggestions. Email us at security@floatfinancial.com.