How Wave keeps your data secure

At Wave, we know you value the security of your data. To ensure your information is protected, Wave has built bank-grade security measures into the system. Here are some of the ways Wave keeps your information secure.

Secure data transmission

When you load a page in your browser, or upload something to Wave, all the information is encrypted while it’s moving over the internet. We secure your data with up to 256-bit TLS encryption, the strength of protection you get with online banking and shopping.

Secure data storage

Your accounting data is stored on servers that have strict physical access protocols, meaning there are rules in place limiting access to only the people who need it to do their jobs. The facilities are controlled with 24/7 monitoring, and the technology is digitally protected.

Wave doesn’t store credit card numbers. Credit card information is sent directly from the app or browser to our payments processor, and Wave receives a secure token back. This token is a code that authorizes Wave to complete the activity securely and efficiently, without storing or exposing your credit card information.

Wave is not HIPAA compliant. While our security measures may satisfy the requirements, Wave cannot co-sign as a Business Associate. Although Wave can be used without entering any Protected Health Information (PHI) into the system, we cannot offer any guidance, legal or otherwise, to help you with your decision-making.

Bank access security

The connection Wave makes with your financial institutions to import transactions is read-only. For increased security, Wave employs industry-leading online banking services to manage bank account and password data. These third parties are trusted by some of the world’s biggest banks.

Wave Payments security

Wave Payments is a PCI Level 1 Service Provider. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. The (PCI) Data Security Standards represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Merchants are responsible for the security of cardholder data and must be careful not to store certain types of data on their systems and ensure their third party service providers meet these PCI requirements.

Fraud prevention

We’ve built an internal risk system that uses a wide variety of tools and insights to protect you and your customers from fraud. We’ve integrated several third-party security and anti-fraud service providers to create a layered approach to risk detection, for the highest level of protection.

Wave currently does not support multi-factor authentication to log into your Wave account. However, if you use the Google sign-in option to log in, you can set up MFA for your Google account, which will apply when you log into Wave.

Wave is committed to the security and privacy of those who use Wave. To learn more about how we keep your information secure, read about Wave’s security measures and privacy policy.