Security

We stay secure so you can spend smarter.

At Moss, our customers’ privacy, trust, confidence, and data safety are among our highest priorities.

Ubiscore badge

Data privacy

We take the protection of personal data seriously. Moss processes all personal data in accordance with applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). For more information on how we process personal data, please refer to our privacy policy. We are also committed to data protection through regular and independent monitoring by Ubiscore.

Data security

We implement various technical and organisational measures at Moss to protect your data and money. For all services related to credit card payments, we work with established, reliable and continuously audited partners backed by a multi-layered, redundant infrastructure.

Multi-layer defences

Our solution is hosted on modern and secure cloud-based technologies, which allows us to set up multi-layer defences and maintain the auditability of all actions and changes. In the event of any suspicious activity, alerts are sent to our Information Security team, who are ready to mitigate any potential threats.

All data on our cloud infrastructure is encrypted during transit and at rest using industry-standard encryption algorithms.

Security of our platform

Our platform is operated and hosted on EU-based Google Cloud Platform (GCP). We use Frankfurt as the primary data processing region, and data backups are stored in multiple availability zones, which ensures that secure-by-design foundations are followed.

GCP maintains all industry-leading certifications, including compliance with ISO/IEC 27001, ISO/IEC 27018, PCI-DSS, SOC2, CSA, and BSI C5. For more information, see the Google Compliance Resource Center.

GoBD certification

Compliance certifications and standards

Moss implements an information security management system (ISMS) that follows international standards and best practices. We safeguard customer funds in accordance with the Payment Services Directive (PSD2), and our solution is GoBD-compliant certified according to IDW PS 880.

Secure by design

Multi-Factor Authentication

Our platform supports Multi-Factor Authentication (MFA) to verify transactions and account activities.

3D Secure

We use 3D Secure technology as an additional authentication step to verify online payments.

User Authentication

Our platform lets you authenticate users securely by syncing your HR System and Single-Sign-On (SSO) software.

Contactless Payments

All physical, virtual and single purchase cards can be added to Apple Pay or Google Pay digital wallets for additional layers of security.

Security articles and FAQ’s

Read our security articles and frequently asked questions regarding Moss security.