🎉 A recap of our progress in 2024, 10 months into founder mode →

Trust HomeTrust Home

Stay secure with advanced protection from Brex.

Discover all the ways that Brex protects your data and keeps your enterprise safe.

Contact sales
Trust mobile
Trust mobile

Stay secure with advanced protection from Brex.

Discover all the ways that Brex protects your data and keeps your enterprise safe.

Contact sales

How Brex protects you

Account security

We ensure secure browsing and authentication with encryption, idle lockouts, 2FA, and more.

Data privacy

Protecting your privacy is core to how we’re building Brex.

Read our privacy policy 

24/7 fraud protection

Spend with confidence thanks to Brex's advanced fraud monitoring, industry-leading AI technology, and 24/7 support.

Fraud prevention

Brex can prevent fraud before it happens by ensuring that only authorized users can access accounts and make changes.

Have concerns? If you suspect unauthorized activity or illegitimate communications related to your Brex account, please call the number on the back of your card or chat with Brex Support via your Brex dashboard or mobile app.

Account security

  • Encryption
    Our website uses industry-standard encryption to ensure protected transmission of data (HTTPS): AES-256 bit or better for RDS and S3 data encryption for data at rest and TLS 1.2 or better for transit.

  • Idle lockouts
    Brex forces automatic signouts after inactivity to prevent unsanctioned access or use of the user’s account.

  • Security policy
    Brex enforces a strict content security policy and iFrame protection to mitigate the threat of attacks such as ClickJacking.

Secure browsing
Secure browsing
Authentication
Authentication

Authentication

  • Secure ID and password
    Brex enforces strong password requirements and supports mobile biometric authentication (Face ID/Touch ID).

  • Activity confirmation
    Brex leverages both automated and manual review mechanisms to confirm account changes such as password resets.

  • Device and ID verification
    We require a one-time authorization for each browser on every device you use to sign in to Brex, as well as two-factor authentication to further protect your Brex account.

  • Single Sign-On (SSO) integration
    Brex Empower's SSO feature enables a secure — yet seamless — login experience through Okta, Microsoft, Google Workspace, and other identity providers (IdPs) that support OIDC or SAML.

Security at Brex

Product security

Our Security & Privacy Center (SPC) enables Brex users to view their cookie preferences, device permissions, active sessions, data visibility, and more.

Learn more about SPC 

Security by design

Security testing and code review — as well as mature logging, monitoring, alerting capabilities — are built into our engineering workflows, including the software development lifecycle.

Application security

Brex has a dedicated internal team of security engineers focused on the technical security of our web and mobile applications. We conduct ongoing penetration tests to proactively prevent weaknesses.

Incident response

Brex follows an established procedure for responding appropriately to potential incidents. All suspected incidents are managed by our Security team with mature logging, monitoring, and alerting capabilities.

Built from scratch

Our experienced engineers built the critical components of our financial product in house to be in control. This allows us to easily make upgrades, patch systems, and continuously iterate on security.

Regulatory compliance

In addition to being SOC 1 Type I, SOC 2 Type II, and PCI-DSS compliant, Brex also fulfills requirements from FINRA, IT General Controls, NY Department of Financial Services, and more. Beyond those baseline requirements, Brex safeguards customer data with enhanced controls to ensure best-in-class protection.

How can I protect myself?

How can I protect myself?

Protect your passwords

Choose strong, unique passwords, and store them in a password manager if possible. This can prevent fraudsters from gaining access to your online Brex account or linked email accounts and helps prevent ID theft.

Be vigilant about suspicious requests

Brex will never ask you to divulge your personal information by email or text or ask for your full card number. Please do not click any unsolicited links, open any attachments, or install unknown applications. Brex will never require you to install a browser extension to log in. Contact Brex Support if you’re unsure about the legitimacy of a request.

Stay aware of scams

Fraudsters try to gain access to sensitive information like credit card numbers by posing as reputable sources. Avoid this by navigating directly to Brex.com. If you encounter a scam such as a fake Brex website or ad, please report it to Brex Support immediately.

Protect your card number

Only enter your card number in checkout on trusted sites. Never send your card number over email or other messaging platforms. Make sure you have an encrypted connection.

Review your Security & Privacy Center dashboard

Review your company's security settings and overall posture overall, as well as configure certain security settings globally or individually, in your Brex dashboard on a regular basis.

Monitor your credit report and transactions

To protect against identity theft, check your credit report and transaction history regularly to verify all actions were intended. If you suspect that someone has gained unauthorized access to your account, please change your Brex password immediately and contact Brex Support.

Change your password 
Contact Brex Support 

Keep contact information up-to-date

Make sure your email and phone number are always up-to-date so that we can reach you immediately if we detect any suspicious activity.

Update your devices

Updates often include the latest security features to protect your device.

Responsible disclosure

If you believe you have discovered a vulnerability in our systems or applications, we request that you disclose it to us via our responsible disclosure form.

Open form 

Trust at Brex

Brex is audited by major external auditing firms and regulators to ensure we exceed industry standard practices for security and technology governance. We are SOC 1 Type II, SOC 2 Type II, and PCI-DSS certified and fulfill compliance requirements from FINRA, IT General Controls, NY Department of Financial Services, and many others.

Visit our Trust Portal for more details and documentation related to our practices, policies, and programs.

Go to Trust Portal 
Prefooter Background
Prefooter Background

Protect your company with Brex.

Safeguard your expenses and data with enhanced controls that go above and beyond industry standards.

Contact salesOpen an account
Signup Illustration
Signup Illustration