Your financial data and documents are undoubtedly safer on our encrypted, password-protected servers than they are in filing cabinets and on people’s desks throughout your offices. Bill.com complies with various financial regulations in order to provide customers with a payment gateway to accept ACH payments, process credit cards, and pay bills and receive payments.
We provide various types of protection to guard your money and sensitive information at Bill.com:
- Controlled access: our servers are in a high-security, locked facility with biometric access controls.
- Guards and video surveillance 24 hours a day, 365 days a year.
- Employees must have an ID card, a PIN, and a full hand scan on file in order to enter the facility.
- All Bill.com employees go through a background check.
- Firewalls and intrusion-detection devices prevent unauthorized electronic access to servers.
- Data in transit is encrypted with Transport Layer Security (TLS).
- We encrypt all sensitive information stored in our database.
- For quick disaster recovery, your data and documents are stored on redundant servers, which immediately make two copies of everything.
- We also back up the data to separate media and regularly move a copy of the backups to a second secure facility.
- When using Bill.com, each user's access to data and documents is defined by the user roles and permissions you assign them, so employees, accountants and others see only what you want them to see.
- You, your vendors and your customers don't need to share bank account information in order to facilitate payments via Bill.com.
- Eliminating filing cabinets and paper documents automatically eliminates a major security vulnerability.
- We employ multi-factor authentication (MFA) to prevent fraudulent access to your Bill.com account.
- Eliminating paper checks eliminates check theft.
- All payments, whether check or electronic, are made through the Bill.com account, so your bank account and routing numbers are never exposed.
- Positive Pay assures that altered checks will not be paid.
- SOC 1 (Type 2) and SOC 2 (Type 2) audits of our security controls are completed regularly by a reputable third-party security audit firm.
- Bill.com's applications use SSL encryption certificates issued by trusted certificate authorities.
- PCI DSS compliance as a Service Provider, assessed by a Qualified Security Assessor (QSA).