To ensure your information is protected, Wave has built bank-grade security measures into the system. Here are some of the ways Wave keeps your information secure.
Secure data transmission
When you load a page in your browser, or upload something to Wave, all the information is encrypted while it’s moving over the internet. Wave secures your data with up to 256-bit TLS encryption, the strength of protection you get with online banking and shopping.
Secure data storage
Your accounting data is stored on servers that have strict physical access protocols, meaning there are rules in place limiting access to only the people who need it to do their jobs. The facilities are controlled with 24/7 monitoring, and the technology is digitally protected.
Wave doesn’t store credit card numbers. Credit card information is sent directly from the app or browser to Wave's payments processor, and a secure token is sent back. This token is a code that authorizes Wave to complete the activity securely and efficiently, without storing or exposing your credit card information.
Wave is not compliant with the Health Insurance Portability and Accountability Act (HIPAA), so healthcare-related businesses are not currently supported.
Bank access security
The connection Wave makes with your financial institutions to import transactions is read-only. For increased security, Wave employs industry-leading online banking services to manage bank account and password data. These third parties are trusted by some of the world’s biggest banks.
Wave Payments security
Wave is a PCI Level 1 Service Provider. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. The (PCI) Data Security Standards represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Merchants are responsible for the security of cardholder data and must be careful not to store certain types of data on their systems, and ensure their third party service providers meet these PCI requirements.
Wave has built an internal risk system that uses a wide variety of tools and insights to protect you and your customers from fraud. Wave has also integrated several third-party security and anti-fraud service providers to create a layered approach to risk detection, for the highest level of protection.
Wave currently does not support multi-factor authentication to log in to your account. However, if you use the Google sign-in option to log in, you can set up MFA for your Google account, which will apply when you log in to Wave.