We’re focused on payment compliance controls and network security
Hyperwallet is a registered money services business in the United States and Canada. We maintain a compliance program designed to fulfill our obligations under applicable laws and regulations.
Financial network safeguards
We safeguard our network and mass payouts platform against cyber threats and privacy breaches. We adhere to PCI Data Security Standards and maintain banking redundancy in high-traffic jurisdictions to both build resiliency and protect against service outages.
Privacy & security practices
We understand the importance of safeguarding individuals’ personal information and employ measures to protect personal information in our possession. Security is of vital importance to us, and we aim to meet and exceed industry standards. We are a PCI Level 1 compliance service provider, SOC1, SOC2, and ISO27001 certified organization. We will not share personal information, unless to provide requested services or as otherwise permitted by law. Individuals can request access to their personal information in our possession and can request updates to that information, subject to applicable legal or regulatory record-keeping or related requirements.
Encryption and other protections
We take a number of technical measures to help you stay secure.
End-to-end encryption is an important element in helping to keep your data and Hyperwallet transactions secure.
Some of the methods we use include, but are not limited to, the following:
When you register or log into Hyperwallet from your computer or mobile device, we make sure you’re connecting with Transport Layer Security (TLS), a cryptographic protocol providing communications security, and only make HTTPS connections (HSTS).
Strong TLS configurations are the current industry standard for trusted communication channels and allow your information to transmit across the internet in a secure manner. Only allowing HTTPS connections helps to reduce your susceptibility to some passive and active attacks.
Hyperwallet is Payment Card Industry Data Security Standard (PCI-DSS) Level 1 certified, we comply with stringent requirements for data protection.
Hyperwallet’s Information Security Policies and Controls are reviewed by independent third parties to the following industry standards and guidelines: American Institute of Certified Public Accountants SSAE18 SOC1, AT-C105 and AT-C205 SOC2, and ISO 27001.
Password and Security Questions
Using a secure, unique password for your Hyperwallet account is critically important.
Use strong, unique passwords
Make sure your password is strong and unique to Hyperwallet so that even if another website you use is compromised your money and account stays safe. If you reuse passwords, and your credentials stolen for one account that means hackers can gain access to other accounts that use the same login details.
The longer and more complex your passwords are, the more difficult they are for hackers to discover. Make sure to create unique passwords for all online accounts and never share them with anyone you don’t trust explicitly.
- Always include numbers, symbols, and both uppercase and lowercase letters.
- Never include obvious personal information (names, birthdates, anniversaries) or common words or phrases.
Account Security Questions
Account security questions may add an extra layer of protection to your account but can be a vulnerability if your answer is something that can easily be found out. For example, a common security question is “What city were you born in?”. This information is easily found online, so NOT using the true answer helps make the question stronger. You may have been born in Los Angeles but listing that you were born in San Francisco keeps your information more secure. The answer is what is important, not the accuracy of it!
Report identity theft
If you’ve been the victim of identity theft or a scam, you need to act quickly to secure your accounts and sensitive information. ’Steps to take include’:
1. Change your passwords and review accounts
Change your passwords and security questions.
Change the passwords on all your online accounts immediately. This includes email accounts, because fraudsters can use these to gain access to other online accounts.
Review your account information.
Make sure your contact information is up-to-date on all your online accounts and that no unknown phone numbers or email addresses have been added.
Review your recent account activity.
Check all your online accounts – including email accounts. Look for anything suspicious, because this can help identify how long ago you may have been compromised and will prepare you for conversations with your financial institutions and law enforcement if needed.
2. Contact your financial institutions immediately
Call your banks and credit card companies.
Ask for the fraud departments, explain what’s happened, and ask what they can do to help.
3. Report it to law enforcement
File a crime report. Call local police and file a report right away. This will help when speaking with banks and credit card companies. In some cases, you may need to file a report in the jurisdiction where the crime occurred.
4. Place a fraud alert on your credit
Contact the three major credit bureaus.
With a fraud alert on your credit, banks and credit card companies will have to contact you before opening any new accounts in your name.
5. Always stay vigilant
Identity theft can strike twice. Thieves may have access to more information than you originally noticed and can use that to target you again. Stay vigilant about regularly updating passwords, keeping contact information current and accurate, checking account activity, and making sure nothing seems suspicious.
Recognize fraudulent emails and websites
Phishing and spoof emails are a leading cause of stolen information and identity theft, and they can be hard to spot. These emails aim to obtain your personal information using deceptive means to try and trick you. Fake emails often look like the real thing so it’s important to stay vigilant online.
What is phishing?
“Phishing” is an attempt to steal your information. Criminals pretend to be a legitimate business to get you to disclose sensitive personal information.
Example of a phishing campaign
- A criminal sends an email that appears to be from a well-known company often including a made-up story designed to lure you into clicking on a link or calling a phone number.
- The phishing email asks you to fill out a form or click on a link or button that takes you to a fraudulent website.
- The fraudulent website mimics the company referenced in the email, and aims to trick you into volunteering sensitive, personal data.
- The fraudsters collect your login details or financial information from the information provided on the fraudulent website they created.
Note that phishing emails can also lure you to open suspicious attachments or visit websites that can infect your computer with malicious software, known as malware.
How to spot phishing emails
Phishing scams almost always imitate a well-known company complete with company logos, official looking email templates, or scripts that are similar to genuine communications but there are some things to look for that can help you tell the difference.
- Spelling and Grammar: Are there mistakes or odd wording?
- Do the links look genuine? Hover your mouse over the link to confirm it’s a match before clicking. If you’re unsure don’t trust it!
- Attachments. Were you expecting an attachment from Hyperwallet? Do the file name and extension match what you were expecting? If not, don’t open!
- Does the email demand that you act immediately? Anything of true importance can be verified by opening a new browser window and logging directly into your account
Smishing – Phishing via text or SMS
Smishing is when a scammer sends a text or SMS message to your phone number with a fake phone number or URL. The message is usually urgent, asking you to click a link to cancel a transaction or update your information. These messages can even come through social media apps or sites. Example of smishing:
“Your account has been suspended due to suspicious activity. Please contact us immediately at 1-408-123-4567. It is imperative that we speak to you immediately.”
Vishing – Phishing via voice call
Fraudsters may use automated systems to make voice calls, that report urgent account problems and ask for account information. This is called Vishing. Example of a vishing call:
“This is Hyperwallet calling about a possible fraudulent transaction on your account. Please provide your password now to hear the transaction details. We need your immediate response to block this transaction.”
Never provide any account information unless you initiated the phone call.
Don’t call them back, even if the caller ID says “Hyperwallet” or another trusted company or government agency. Scammers can easily fake a Caller ID, and it’s impossible to be sure where the call is coming from.
How to spot a fake “spoof” website
It’s difficult to tell if a website is authentic just by looking at the pages, since it’s very easy for scammers to simply copy the real website’s content. Check for these signs when you land on a website from a link:
- Does your browser warn you that the site may be malicious? This development in web security is helping customers identify many phishing websites before they are accessed.
- Does the URL look overly complex or is something other than Hyperwallet after www.?
- Is the design or logo out of date?
- To help ensure you’re on the real Hyperwallet website, check your browser address bar for:
- https:// not http://, the S is for “secure”
- Web security icon – a lock – in the browser address bar.
- Green text/shading or the green lock icon
If you are a victim of phishing, vishing, or smishing
There are plenty of clever scam attempts, and new ones are being created all the time. So, despite your best intentions, it could still happen. If you think you are a victim of a scam, here are some steps to protect yourself:
- Run an anti-virus scan on your system to make sure that you didn’t pick up a virus. Make sure that your system and anti-virus software are up to date.
- Change your account password and security questions immediately. Do this for your Hyperwallet account, email account, and other online accounts.
- Report it to the police, Hyperwallet, your bank and credit card providers.
- Regularly check your online account activity for unexpected or unusual activity.
Learn how to keep your computer and mobile devices safe and secure when you use your Hyperwallet account.
Keep your software up to date
Software is complex and often has minor bugs that hackers seek to exploit.
Device makers and application developers provide updates to operating systems and applications regularly that fix known bugs. To help protect your systems and data from hackers you should install updates as soon as they become available and where possible enable automatic updates.
- Turn on automatic updates for your system and applications, found in the Control Panel on Windows, under System Preferences on MacOS, or Settings on your Apple mobile device.
It’s important to keep applications up to date because these are also vulnerable. Popular applications that are often targeted by hackers include:
- Web browsers like Internet Explorer, Chrome, Firefox, and Safari
- Microsoft Office
- Adobe Reader
- Adobe Flash Player
Note: when security updates are released the company usually indicates the problems they’ve fixed. If hackers didn’t know about the security bug before the update, they’ll know after. If your system or applications are not updated, they could be vulnerable to attacks by hackers.
Use anti-virus software
Viruses or malware are malicious software that can be installed on your computer or mobile device through an infected file, unsafe download, or unpatched security vulnerability. Anti-virus software can help prevent the installation of new malware and will detect most malware if it does get installed.
What happens if malware or a virus is installed?
- It can capture everything you type, like usernames and passwords to your email, Hyperwallet, and other financial accounts.
- It can read all the files on your system, including email, financial records, and personal information.
- Malware can take over your system to send out SPAM emails or attack other people’s accounts, making your computer part of the problem.
- Hackers will use or sell the information they obtain through malware, which can be used to steal your money or your identity.
How does anti-virus software help?
- Anti-virus software reviews your system and will check incoming emails and downloads for malware.
- It can also run scheduled scans to make sure nothing suspicious has snuck onto your system.
Remember to enable automatic updates, because the anti-virus developers are constantly identifying and addressing new threats.
Download with caution
Whether it’s software, an app or a file, make sure you only download from reputable websites or people you trust and check reviews for users reporting problems.
Use of passwords and PINs
Passwords, PINs, and biometrics (Touch ID, Face ID, or Fingerprint Manager) are the simplest way to ensure security on your computer and mobile devices, especially if they’re lost or stolen.
If someone can access your system for even a few minutes, they can install malware. A password will make it harder for a thief to access information on your system in the event that it’s stolen.
- Don’t use simple PINs like 1234 or 1111 that are common and easily guessed.
- Don’t use your or your family members’ birthdates, or anniversaries.
- Think of a memorable image and spell the word with the number pad. For example, if you imagine a blue cow, your PIN would be 2583269 (B2-L5-U8-E3-C2-O6-W9).
- Use a 6-digit PIN if your device allows
- Set your device to auto-lock after a few minutes or even a few seconds of inactivity. A short time out reduces the chances of someone accessing your information.
Don’t forget about your smartphone and tablet. Follow these simple tips:
Always activate a PIN or lock function for your mobile device.
A PIN is the simplest and most important thing you can do to ensure security on your mobile device, especially if it’s lost or stolen.
Automate software updates.
Many software programs can automatically connect and update to defend against known risks. Turn on automatic updates on your mobile device if that option is available.
Use caution when downloading apps.
Unknown or repackaged apps can contain malware designed to steal information from a mobile device. So always purchase or download apps from companies that you trust and check reviews. When installing new applications, review permissions and decide if you’re comfortable granting access to the application.
Enable “Find My Device.”
If your phone, carrier, or antivirus software supports a “find my device” feature, activate it. This functionality can help you find your device if it’s lost or stolen and can remotely lock it or wipe it clean if necessary.
Back up your device.
It’s critical to back up your device on a regular basis. Some operating systems can do this automatically. If you ever need to exercise the remote wipe feature mentioned above, you’ll be glad to have a current backup that you can use to configure a new device.