How Relay keeps your money safe

By Matas Pranckevicius

Content Manager, Relay

Your money—safe, easily accessible, with a reliable custodian. That's the basic expectation we have with any banking service. But what goes into actually delivering true security in digital banking?

Keeping you and your money safe is the number one priority at Relay. We put together a quick guide on the measures Relay takes to protect you from bad actors—and what other steps you can take to improve security.

Security measures at Relay

When it comes to modern digital banking, security is multi-layered. That’s why Relay takes multiple measures to protect your money against different types of risks:

Here are the measures we take to protect you against each type of risk.

Live: How to Grow Your Business Without Chasing More Clients

Tuesday, November 26 | Ft. Certified Profit First Professional Debbie Deknight

Save Your Spot

Protection against digital risks

As a digital banking platform, Relay takes comprehensive measures to safeguard your account from online breaches.

Encryption

Relay employs industry-standard encryption to ensure secure and protected transmission of data. An AES-256-GCM encryption algorithm is used for data-at-rest encryption. We enforce TLS 1.2 or better, with Forward Secrecy for in-transit encryption.

Robust monitoring

We consistently monitor our platform and log all points of access using CloudWatch and CloudTrail. Our Security team is immediately alerted to unusual behavior and follows an established, industry-standard procedure when responding to potential incidents.

Two-factor authentication (2FA)

This method is the number one way to protect your account—simply turning on two-factor authentication (2FA) can stop over 99% of account compromise attacks. That’s why 2FA is required for all Relay accounts by default.

Regular penetration tests

Relay regularly audits its systems to identify potential vulnerabilities. This is in addition to our vulnerability disclosure program, managed by HackerOne, which is continuously working to help us identify potential vulnerabilities. To learn more about the program and how to participate in it, see below.

Employee security

All Relay employees undergo full background checks before joining the team and are required to complete security training as they onboard. Employee access to internal systems is managed through zero-trust tunnels, and all activity is logged and monitored. Additionally, we follow best security practices, such as the principle of least privilege, when it comes to employee mobile device management, virus protection, and disk encryption.

Protection against fraud

Fraud costs the global economy $5 trillion globally. Here are the measures we take to combat it:

Transaction monitoring

Relay locks accounts and notifies users when our transaction monitoring systems identify unusual or suspicious transactions that are outside of an account’s normal spending activity.

Debit card controls

If a physical or virtual debit card is suspected to be compromised, customers can immediately freeze and terminate the card in just a few seconds by logging into Relay and navigating to the Cards section.

Visa® Zero Liability Protection

When you use Relay’s Visa® debit cards, you’re not held responsible for unauthorized charges made with your account or account information. You're protected if your card is lost, stolen, or fraudulently used, online or offline.

Protection against systemic risks

FDIC insurance

The Federal Deposit Insurance Corporation (FDIC) protects you, the account holder, in the case of a bank failure. If the partner bank where your money is stored runs out of money or files for Chapter 11 bankruptcy, the FDIC will reimburse you for any losses up to $250,000.

Insured cash sweep program

Relay and Thread Bank, our primary partner bank, is offering an insured cash sweep program for those needing more protection. Customers that opt in to the program will receive expanded FDIC insurance that covers up to $2,000,000 in deposits. To learn more about the program, head here.

Measures you should take to protect yourself

In addition to the security provided by Relay, we recommend following some best practices that reduce the risk of having your account compromised.

Use strong, unique passwords

Create a different, strong password for every single login, including Relay, and do not use the same (or a similar) format when creating a new password for other apps. A unique password is especially important for your banking app and any other app used to manage money. Use an industry-leading password manager like 1Password to help you keep track of all logins.

Use biometrics

Set up biometric authentication (face/fingerprint ID), following the instructions outlined here, to further secure access to Relay from your mobile device.

Regularly review your bank feed

Consistently review transactions and other account activity, like debit card creation, to identify unusual activity quickly. If you notice something suspicious, please reset your password and report it to our Customer Support Team at 1-888-205-9304 ASAP.

Set up alerts

Set up email notifications to be alerted to account activity, like payments being sent. To set up notifications, in your Relay account, go to Settings > Notifications. If you notice something suspicious, please reset your password and report it to our Customer Support Team at 1-888-205-9304 ASAP.

Review account session logs

Regularly review your account sessions to identify any logins from unfamiliar devices or locations. Go to Settings > Session Activity to do so. If you notice suspicious activity,  please reset your password and report it to our Customer Support Team at 1-888-205-9304 ASAP.

Stay vigilant

Be vigilant against phishing attempts to access your Relay account. In a phishing attack, a hacker might pose as Relay to try and get you to share your login information. Relay will never ask you to share your phone number, password or 2FA code over social media. Our only login URL is https://app.relayfi.com/login. We’re @bankwithRelay and @relay.hq on Instagram, and we’re @bankwithrelay on Twitter, LinkedIn and Facebook. All other Relay accounts on these platforms are unauthorized and not managed by our team. And, we will only send you emails from @relayfi.com and @bankwithrelay.com domains.

How to report a potential vulnerability to Relay

If you’ve identified a vulnerability in Relay, we invite you to report it to our team.

Relay partners with HackerOne to offer a vulnerability disclosure program. The invite-only program provides individuals with monetary rewards for safely disclosing potential privacy vulnerabilities in non-production environments. Our Security team follows an established procedure when responding to potential vulnerabilities disclosed through this program.

If you would like to join Relay’s vulnerability disclosure program, or if you have any other questions related to security measures at Relay, please let us know at security@relayfi.com.