Application Security

Securing your application is critical: it is the gateway to workers' banking and financial information. Below are recommended best practices:

  • Ensure that account changes are properly secured – Require Multi-Factor Authentication (MFA) at login, and re-verify the user before sensitive updates such as changing the debit card or bank account on file.
    • Context-aware (risk-based) MFA with step-up authentication is a security best practice. The idea is to scale the challenge to the risk of the action: a routine login from a known device may need only a password and the usual second factor, while a card change, a login from a new device or location, or a contact-detail change should trigger a stronger factor (for example an authenticator app or a FIDO2/passkey rather than an SMS code) or full re-authentication. This makes account takeover harder even when one MFA method has been compromised (e.g. a SIM swap defeating SMS codes).
  • Ensure that real-time alerts for account changes are enabled – Notify users of login attempts, password changes, card adds/deletes/changes, and other high-risk in-app activities. Send alerts over a channel the attacker does not control: when an email address or phone number is changed, alert the old contact as well as the new one, and do not let the in-app notification be the only signal.
  • Establish password policies – Enforce a minimum length, allow long passphrases, and screen new passwords against lists of commonly used and previously breached passwords. Force a change when there is evidence of compromise rather than on a fixed schedule; mandatory periodic expiration tends to produce predictable, incremented passwords and is no longer recommended by current guidance (NIST SP 800-63B).
  • Implement rate limiting and lockouts – Temporarily lock accounts after multiple failed login attempts to prevent brute-force attacks. Use progressive delays or exponential backoff rather than a permanent lock, so that an attacker cannot lock legitimate workers out by deliberately failing logins, and throttle by source IP and device as well as by account to slow credential-stuffing and password-spraying attacks that spread attempts across many accounts.
  • Implement anomaly detection and risk-based authentication – Detect unusual login attempts (e.g., new device, location) and require additional verification.
  • Use device fingerprinting – Track device characteristics (browser, OS, screen, installed fonts, and similar signals) and flag logins from devices the account has not used before. Treat the fingerprint as one risk signal among several, not as an authenticator on its own: it can be spoofed, and it changes legitimately when users update browsers or buy new phones.
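The lockout, anomaly-scoring and step-up MFA recommendations above combine naturally into one decision per request. The following is an added illustration written for this page, not code from the platform it describes; the score weights, thresholds, lockout lengths and in-memory stores are assumptions chosen to make the logic visible, and the user profile and attempts are constructed sample data.

```python
# Added example (editor's illustration, not the page's own code): a risk-based
# login decision that combines failed-attempt lockout with exponential backoff,
# device/location anomaly scoring and step-up MFA for high-risk actions.
# All thresholds, weights and lockout lengths below are assumptions.
from collections import defaultdict
from dataclasses import dataclass, field

MAX_FAILURES = 5            # failed logins before a lockout starts (assumed)
LOCKOUT_BASE_SECONDS = 60   # first lockout length; doubles each time (assumed)
LOCKOUT_MAX_SECONDS = 3600  # cap on the backoff (assumed)
HIGH_RISK_ACTIONS = {"change_card", "add_bank_account", "change_password"}


@dataclass
class Profile:
    """What the service has already seen for a user (constructed sample data)."""
    known_devices: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)


@dataclass
class Attempt:
    """One request to evaluate."""
    username: str
    device_fp: str        # device fingerprint hash supplied by the client layer
    country: str          # country derived from the source IP
    action: str = "login"  # "login" or one of HIGH_RISK_ACTIONS


class Throttle:
    """Per-account lockout with exponential backoff.

    The clock is injected so the logic is testable. Failures are keyed by
    username, so an attacker rotating source IPs still hits the lockout; a
    real deployment would add a second, IP-keyed throttle alongside it.
    """

    def __init__(self, now):
        self.now = now                        # callable returning epoch seconds
        self.failures = defaultdict(int)      # consecutive failures per user
        self.lockouts = defaultdict(int)      # lockouts served so far per user
        self.locked_until = {}                # user -> epoch seconds

    def is_locked(self, user):
        return self.locked_until.get(user, 0) > self.now()

    def record_failure(self, user):
        """Count a failed login; return the lockout length started (0 if none)."""
        self.failures[user] += 1
        if self.failures[user] < MAX_FAILURES:
            return 0
        secs = min(LOCKOUT_BASE_SECONDS * 2 ** self.lockouts[user],
                   LOCKOUT_MAX_SECONDS)
        self.lockouts[user] += 1
        self.failures[user] = 0
        self.locked_until[user] = self.now() + secs
        return secs

    def record_success(self, user):
        """A successful full authentication clears the counters."""
        self.failures.pop(user, None)
        self.lockouts.pop(user, None)
        self.locked_until.pop(user, None)


def risk_score(attempt, profile):
    """Additive anomaly score; the weights are illustrative assumptions."""
    score = 0
    if attempt.device_fp not in profile.known_devices:
        score += 40                          # never-seen device
    if attempt.country not in profile.known_countries:
        score += 40                          # never-seen location
    if attempt.action in HIGH_RISK_ACTIONS:
        score += 40                          # card/bank/password change
    return score


def decide(attempt, profile, throttle):
    """Return the access decision for one request.

    'deny'    - account is currently locked out
    'step_up' - high risk: require a phishing-resistant factor (passkey/FIDO2
                or authenticator app), whatever the user enrolled for login
    'mfa'     - moderate risk: require the user's usual second factor
    'allow'   - known device, known location, low-risk action
    """
    if throttle.is_locked(attempt.username):
        return "deny"
    score = risk_score(attempt, profile)
    if score >= 80:
        return "step_up"
    if score >= 40:
        return "mfa"
    return "allow"


if __name__ == "__main__":
    clock = [1_000_000.0]                    # fake clock for the demo
    th = Throttle(now=lambda: clock[0])
    alice = Profile(known_devices={"fp-laptop"}, known_countries={"US"})
    print(decide(Attempt("alice", "fp-laptop", "US"), alice, th))
    print(decide(Attempt("alice", "fp-new", "BR", "change_card"), alice, th))
    for _ in range(MAX_FAILURES):
        secs = th.record_failure("alice")
    print(secs, decide(Attempt("alice", "fp-laptop", "US"), alice, th))
```

Note that a card change from a known device still scores 40 and therefore always requires a second factor; an unknown device or location on top of it pushes the request to a phishing-resistant step-up. The throttle returns the lockout length so the application can tell the user when to retry and so the alerting path can record the event.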