Melio uses state-of-the-art cryptographic algorithms during data transmission (HTTPS with RSA 2048 bit key and SHA 256 certificate) and in our databases (AES 256 encryption keys). Our servers are kept in PCI and SOC 1, 2, and 3 certified data centers with 24x7 monitoring.
The PCI DSS certification process is designed to protect your sensitive data. Melio does not store any sensitive information on the servers (credit cards numbers and personal information such as SSN and DOB) but uses a card processor (TabaPay) which is a certified Level 1 PCI Compliant Service Provider (the highest level), which requires an annual independent security audit of its processes and systems. Melio and our 3rd party card processor test the system daily (manually and automatically) to ensure security.
Protecting your money
Your money is held in a protected account by our accommodating/partner bank Evolve Bank & Trust until it will be delivered to your vendor, so your funds are never at risk.
Training and education
All Melio employees undergo background checks and security training. The development team follows strict SDLC process which includes security validations and automatic penetration test
Reporting and disclosure
We investigate all reported vulnerabilities, so if you think you have discovered a problem with your account please email firstname.lastname@example.org