Security measures Brex takes
Overview
Fraud and cybersecurity attacks, especially phishing attacks, have been on the rise. At Brex, we take the security of your personal and financial information seriously, and we're regularly investing in security measures to better protect you.
Account security
Every Brex account has multiple security controls to protect it from scammers who may have gained access to your sign-in credentials via phishing attacks. Phishing refers to a criminal’s attempt to steal your confidential information, such as passwords or account numbers, through deceptive means. Phishers often pose as employees, third-party agents, websites, or chatbots — even impersonating Brex employees or affiliates. In your dashboard under Manage your account > Security & privacy, you can monitor potentially suspicious activities, such as devices that have access to your Brex account, merchants that have your cards on file, and sign ins/purchases that we’ve flagged as potentially suspicious. If any of these entries seem unusual, you can click into them for more details or to take action accordingly. Anyone who chats, calls, or emails Brex Support on behalf of your account will be asked to pass a security check before we can provide them with any account-specific information. For the most efficient experience, please chat with us through your dashboard or call us from the phone number associated with your account.
Card security
Manual locking
We allow your Brex cards — virtual or physical — to be locked at any time. This can be done by both the cardholder and account/card admins in your Brex dashboard. The cardholder themselves can also lock their own cards in their Brex app. Note: If the account/card admin locks a card on behalf of the user, only an account/card admin can unlock it. Locking your Brex card will prevent any charges from going through until it's unlocked. You should lock your card if you temporarily misplace it or have reason to believe there may have been fraudulent transactions.
- Not allowed on locked cards:
- New purchases
- Recurring transactions
- Allowed on locked cards:
- Returns
- Credits
- Dispute adjustments
- Statement payments
- Rewards redemptions
- Exempted transactions
- Delayed authorizations (such as some transit purchases)
If you find your card or rule out fraud, you may easily unlock your card through the Brex dashboard or the mobile app. Please note that your card number will not change.
Automatic locking
We also keep an eye out for any suspicious transactions that take place on your card. If we detect unusually spend, your card will lock automatically and we’ll notify you via SMS so you can review potentially fraudulent transactions. If you find the transactions are valid, you can unlock your card from the notification and continue spending as usual. If you don’t recognize the expense, you can submit a fraud dispute by signing into Brex.
Flagged merchants
Your card may lock if we detect that it’s been used at a merchant where other users have reported problems, or if you transact with a merchant that falls outside of our Platform Agreement. If you try to use your card again at the same merchant that triggered the initial lock, your card will likely be locked again.
If you can confirm that this merchant falls within our Platform Agreement, feel free to try using a different card (physical or virtual) to complete the transaction or reach out to us to see if we can troubleshoot further.
Incorrect CVV
When your card’s CVV has been entered incorrectly three consecutive times, the payment processor will block access to your card for 24 hours. This is the case with all Mastercard cards and is a security measure to help protect your cards from fraud attempts. Once the card is locked, there isn’t a way to bypass it until the 24 hours have passed. In the meantime, we recommend using another one of your other Brex cards to make transactions.
Audit trail
PremiumEnterprise
The audit trail displays a series of events so that admins can track events performed on the Brex platform, including the type of event, data modified, who performed the event, where the event was performed (physical location), IP address, and when the event was performed. To view the audit trail, click Security. Here, you can view, filter, and export a CSV list of all the events going back 90 days. To view more details about an event, select the expense you’d like to know more about. You can export based on date, actor (user), actor type (API, support, user, system), target type, event type, or specific event. If you have trouble exporting a list of events, please reach out to our Support team. Note: Currently, the audit trail displays events related to policy, users, expenses, bills, accounting, reimbursements, budgets and spend limits.