Identity Verification on Virtual Cards
We’ve recently become aware of new identity requirements for global virtual Visa cards. Due to increasingly strict international law governing money transfers, as of May 3, 2021, recipients in EUR, GBP, AUD and JPY will be asked to verify their identity before they can activate and use their cards. This may include:
- Date of Birth
- Driver’s License Number (or other identifying document like a Passport, ID Card, etc.)
- Proof of Address (Utility bill, mortgage/rent bill, etc.)
Please be assured this new verification follows strict privacy and security guidelines, and is fully GDPR compliant.
Security Improvements for 2019–2020
As part of our ongoing commitment to security, we have made some improvements.
Improving Calendar Security 🗓
PII will be hidden from the calendar feed to ensure it doesn't fall into the wrong hands. As a result, the calendar feed for all active accounts will be reset after Oct 15th, 2019. Please prepare to resubscribe to all calendar feeds after Oct 15th. Read lots more about this update here
SOC 2 Compliance with A-LIGN 🔐
Ethnio is currently SOC2 Type 2 compliant through our TierPoint-managed data center, and additionally, we're in the process of SOC 2 Type 1 & Type 2 assessments for the entire org. This helps us ensure your data and your participants’ data is handled using the strictest guidelines.
Cobalt Pentests 🔏
We are also running multiple due diligent pentests to locate and fix vulnerabilities in the system. These are hacker-powered penetration tests performed by a certified pentester.
New Incident Response Plan 📄
This is documented to show the steps we take to detect, contain, and permanently fix any potential threats to your data. Read the full plan.
2FA & SSO Now Available
As part of ongoing security enhancements, Ethnio now offers 2FA & SSO for Enterprise customers! SSO details are here: help.ethn.io/hc/en-us/articles/360003424091 and 2FA details are here: https://help.ethn.io/hc/en-us/articles/360027223811
Remediation of Form Field Vulnerability
We found a sensitive form field that had not disabled autocomplete as part of our ongoing Nmap vulnerability scans, and added the following attribute to the form or input element: autocomplete="off" This attribute now prevents the browser from prompting anyone to save the populated form values for later reuse. Most browsers no longer honor autocomplete="off" for password input fields, however, there is still an ability to turn off autocomplete through the browser and that is recommended for a shared computing environment.
Keeping you up-to-date on any remediation that could have impacted customers, but this one was pretty minor.