We have updated our User Terms, effective February 2, 2021
I understand
For Users
For Merchants and Developers

Our Commitment to Security

Here at LevelUp, our internal security team works day in and day out to ensure that LevelUp isn't just the smartest way to pay, it's also the safest way to pay. It is our commitment to you, our business partners, our users and everyone in between, to ensure that LevelUp sets the golden standard for security in payments.

If you ever have any questions about LevelUp's security, please contact us at support@thelevelup.com and we'll route your inquiry to our security team.

A Multi-Pronged, Redundant and Modern Approach to Security

Below you can find more details on how we approach security.

PCI Compliance

LevelUp is 100% compliant to the letter and intent of all PCI regulations, rules and recommendations.

Data Encryption

All sensitive data transmitted to LevelUp is encrypted and stored on secured servers.

All The Security of Your Card

LevelUp is definitely a new way to pay, but it isn't actually a new payment method. It's just linked to your credit or debit card. So at the most basic level, you get all the security of your card PLUS all the security of LevelUp.

No Credit/Debit Card Information Is Stored by LevelUp

We do not store your credit/debit card information on LevelUp's servers. We have partnered with Braintree, a globally respected payment gateway, to leverage their secure vault solutions for all credit/debit card storage. All data sent to LevelUp's servers is encrypted and our servers are protected by industry standard measures. By leveraging Braintree for storage, we are able to add another powerful layer of security to LevelUp.

Triple Token System

The data encoded in the QR code you use to transact is NOT your credit or debit card information. It's a randomly generated token with no meaningful information in it. You can reset it at any time. It maps to a token on our servers which maps to yet another token in the Braintree Vault. Only the combination of these tokens (and two other factors of authentication) can initiate a transaction.

Carry Tokens, Not Payment Data

Our triple token system means that you carry no actual payment data around with you on a daily basis, as opposed to all that live payment data in your wallet right now. This is security on an architectural level. It is perhaps the most fundamental component to our security model. Carrying around live payment data is naturally risky. LevelUp ensures that no live payment data is carried on your person, stored in your phone or delivered to the merchant at any time. We believe this shift to be a necessary progression that will eventually be adopted as standard practice by all modern payment providers to ensure the security of your payments.

Instant Code Reset

Because your QR code is simply a token, and not actual payment data, you can at any time reset your code from within your account online. This will regenerate your code, invalidate the old one, and de-authenticate all devices logged into your account. Simply log back in to get your new code.

Pin Lock Your App

You can pin-lock the LevelUp app by tapping "Settings" and entering a pin-lock combination. Of course, you can always pin-lock your phone too. Or do both.

Radical Transparency

With each transaction, you get a digital receipt via email and push notification. If something ever looks off, you can reset your code with a single click and stop all activity on your account.

Payment Instrument Never Leaves Your Hand

With LevelUp, your phone (the payment instrument) never leaves your hand. This is not the case with other payment instruments, such as a credit or debit card, where at a restaurant the waiter/waitress will normally remove your payment instrument from the table, disappear for 5-10 minutes and then return. With LevelUp, the waiter/waitress will bring the LevelUp terminal to your table and complete the transaction in front of you. This process-level security improvement eliminates the window of opportunity responsible for the plurality of identity thefts in the United States.

Additional Security Mechanisms

We're constantly working on more ways to make LevelUp the most secure payment method on the planet. Some we'll publish here to help push the industry forward. Others we'll keep private. But rest assured, security is our primary focus.

How Does LevelUp Compare to Other Payment Methods

We pride ourselves on leading the industry standards for security, but see for yourself how we compare to other payment platforms.

  LevelUp Credit/Debit Cards Google Wallet Square Paypal Cash
PCI Compliant
Data Encryption Industry Standards Industry Standards Industry Standards Industry Standards Industry Standards
Human Security Industry Standards Industry Standards Industry Standards Industry Standards Industry Standards
Risk-Protection Provided By Card Issuer Sometimes
No Live Data Carried in Your Wallet or Phone
Data Reset Functionality Instant Phone Card Company, Wait For New Card Unclear Phone Card Company, Wait For New Card Email Support
Payment Method Leaves Your Hand Never Sometimes Never Sometimes Never Always
Algorithmic Fraud Protection
What happens if your wallet is stolen? Reset Code Instantly, Protected by LevelUp, Protected by Card Issuer, No Need to Reset Cards Phone to Reset All Cards, Protected by Card Issuer Phone to Reset All Cards, Protected by Card Issuer Phone to Reset All Cards, Protected by Card Issuer Lose all cash in wallet

Security Is A Conversation

If you ever have any questions about LevelUp's security, please contact us at support@thelevelup.com and we'll route your inquiry to our security team immediately.

Security Researchers

If you’re a computer security researcher, visit our Security Response Page for details on how to securely submit a report.