Security at Abacus
Keeping your information secure is our #1 priority
We understand the importance of ensuring that sensitive company and personal information is secure. This underpins how we build Abacus and how we select our integration partners.
How is Abacus application data secured and stored?
Abacus application data is transmitted over a 256-bit encrypted channel (SSL). All expense data and card transaction details are stored in Amazon RDS and receipt images are stored in Amazon S3. All Abacus application data is backed up and data is stored for a minimum of 7 years. It will always be available for viewing or export either through the application or by contacting us directly.
How is my bank account information secured?
All bank account information is stored in Amazon RDS and encrypted at rest. Account numbers are always encrypted, and decryption is only possible with dedicated hardware in our private network. Bank login information you provide to connect with your Abacus account is stored with Plaid, one of our integration partners, which employs strict security policies for storing and accessing data.
How is my credit card information secured?
Abacus does not store any credit card account or login information within our system. All credit card information is stored with our data integration partners who each have their own security policies. Plaid regularly undergoes both internal and external network penetration tests, third-party code reviews, and PCI re-certification, as well as having completed a SOC 2 report. Their security policy also includes information on how data is accessed and controlled. Finicity holds AICPA SOC 2, Type I, and PCI DSS 3.0 regulatory certifications. Their security policy also includes the use of multiple security technologies at the application, network, and database layers.
How does Abacus help prevent fraudulent access to your accounts?
Keeping your information secure is our #1 priority. To help prevent fraudulent access to your accounts, Abacus offers a variety of Two-Factor Authentication (2FA) methods, which are security settings that require two forms of identification for login.
- Administrators can configure SSO/SAML so that users must log in through your company's Identity Provider.
- Administrators can require Two-Factor Authentication (2FA) for all users, which requires that they provide an additional form of identification every time that they log in to Abacus.
- Users can choose to configure Two-Factor Authentication (2FA) if not required by their administrator.
- By default, all users who do not have one of the Two-Factor Authentication (2FA) methods listed above will have a 2FA code sent to their email address any time they log in from a new device or location. After completing the 2FA process, they will not be prompted to enter a new code from that device or location for at least 14 days.