Your money—safe, easily accessible, with a reliable custodian. That's the basic expectation we have with any banking service. But what goes into actually delivering true security in digital banking?
Keeping you and your money safe is the number one priority at Relay. We put together a quick guide on the measures Relay takes to protect you from bad actors—and what other steps you can take to improve security.
Security measures at Relay
When it comes to modern digital banking, security is multi-layered. That’s why Relay takes multiple measures to protect your money against different types of risks:
Here are the measures we take to protect you against each type of risk.
Live: How to Grow Your Business Without Chasing More Clients
Tuesday, November 26 | Ft. Certified Profit First Professional Debbie Deknight
Save Your SpotProtection against digital risks
As a digital banking platform, Relay takes comprehensive measures to safeguard your account from online breaches.
Encryption
Relay employs industry-standard encryption to ensure secure and protected transmission of data. An AES-256-GCM encryption algorithm is used for data-at-rest encryption. We enforce TLS 1.2 or better, with Forward Secrecy for in-transit encryption.
Robust monitoring
We consistently monitor our platform and log all points of access using CloudWatch and CloudTrail. Our Security team is immediately alerted to unusual behavior and follows an established, industry-standard procedure when responding to potential incidents.
Two-factor authentication (2FA)
This method is the number one way to protect your account—simply turning on two-factor authentication (2FA) can stop over 99% of account compromise attacks. That’s why 2FA is required for all Relay accounts by default.
Regular penetration tests
Relay regularly audits its systems to identify potential vulnerabilities. This is in addition to our vulnerability disclosure program, managed by HackerOne, which is continuously working to help us identify potential vulnerabilities. To learn more about the program and how to participate in it, see below.
Employee security
All Relay employees undergo full background checks before joining the team and are required to complete security training as they onboard. Employee access to internal systems is managed through zero-trust tunnels, and all activity is logged and monitored. Additionally, we follow best security practices, such as the principle of least privilege, when it comes to employee mobile device management, virus protection, and disk encryption.
Protection against fraud
Fraud costs the global economy $5 trillion globally. Here are the measures we take to combat it:
Transaction monitoring
Relay locks accounts and notifies users when our transaction monitoring systems identify unusual or suspicious transactions that are outside of an account’s normal spending activity.
Debit card controls
If a physical or virtual debit card is suspected to be compromised, customers can immediately freeze and terminate the card in just a few seconds by logging into Relay and navigating to the Cards section.
Visa® Zero Liability Protection
When you use Relay’s Visa® debit cards, you’re not held responsible for unauthorized charges made with your account or account information. You're protected if your card is lost, stolen, or fraudulently used, online or offline.
Protection against systemic risks
FDIC insurance
The Federal Deposit Insurance Corporation (FDIC) protects you, the account holder, in the case of a bank failure. If the partner bank where your money is stored runs out of money or files for Chapter 11 bankruptcy, the FDIC will reimburse you for any losses up to $250,000.
Insured cash sweep program
Relay and Thread Bank, our primary partner bank, is offering an insured cash sweep program for those needing more protection. Customers that opt in to the program will receive expanded FDIC insurance that covers up to $2,000,000 in deposits. To learn more about the program, head here.
Measures you should take to protect yourself
In addition to the security provided by Relay, we recommend following some best practices that reduce the risk of having your account compromised.
Use strong, unique passwords
Create a different, strong password for every single login, including Relay, and do not use the same (or a similar) format when creating a new password for other apps. A unique password is especially important for your banking app and any other app used to manage money. Use an industry-leading password manager like 1Password to help you keep track of all logins.
Use biometrics
Set up biometric authentication (face/fingerprint ID), following the instructions outlined here, to further secure access to Relay from your mobile device.
Regularly review your bank feed
Consistently review transactions and other account activity, like debit card creation, to identify unusual activity quickly. If you notice something suspicious, please reset your password and report it to our Customer Support Team at 1-888-205-9304 ASAP.
Set up alerts
Set up email notifications to be alerted to account activity, like payments being sent. To set up notifications, in your Relay account, go to Settings > Notifications. If you notice something suspicious, please reset your password and report it to our Customer Support Team at 1-888-205-9304 ASAP.
Review account session logs
Regularly review your account sessions to identify any logins from unfamiliar devices or locations. Go to Settings > Session Activity to do so. If you notice suspicious activity, please reset your password and report it to our Customer Support Team at 1-888-205-9304 ASAP.
Stay vigilant
Be vigilant against phishing attempts to access your Relay account. In a phishing attack, a hacker might pose as Relay to try and get you to share your login information. Relay will never ask you to share your phone number, password or 2FA code over social media. Our only login URL is https://app.relayfi.com/login. We’re @bankwithRelay and @relay.hq on Instagram, and we’re @bankwithrelay on Twitter, LinkedIn and Facebook. All other Relay accounts on these platforms are unauthorized and not managed by our team. And, we will only send you emails from @relayfi.com and @bankwithrelay.com domains.
How to report a potential vulnerability to Relay
If you’ve identified a vulnerability in Relay, we invite you to report it to our team.
Relay partners with HackerOne to offer a vulnerability disclosure program. The invite-only program provides individuals with monetary rewards for safely disclosing potential privacy vulnerabilities in non-production environments. Our Security team follows an established procedure when responding to potential vulnerabilities disclosed through this program.
If you would like to join Relay’s vulnerability disclosure program, or if you have any other questions related to security measures at Relay, please let us know at security@relayfi.com.