Keeping your account secure is a shared effort. While much of our other guidance focuses on what you can do, it is fair to ask what we do too. Here is a plain-English overview of the kinds of protections we have in place, without giving away detail that could help an attacker.
Protecting access
- We offer two-factor authentication so that a password alone is not enough to get in.
- We monitor for unusual sign-in activity and can prompt extra checks where something looks off.
- We send notifications about key changes so you can spot anything you did not authorise.
Protecting your information
- Connections to your portal are encrypted in transit.
- Access to your information internally is limited to those who need it to support you.
- We design our communications so that we never need to ask you for your password or codes.
Where you come in
No system can protect an account if login details are shared or a device is left open. The strongest results come from combining our safeguards with good habits on your side, such as strong passwords, switched-on two-factor authentication, and a healthy caution towards unexpected contact.
If you ever spot something that does not look right, contact us through a verified channel and we will look into it with you. For the full picture of how we handle your data, see our privacy policy.
See also: How do you keep my data secure?, What to do if you can't make a payment and Choosing a strong password for your business account.