For Merchants and Developers
Our Commitment to Security
Here at LevelUp, our internal security team works day in and day out to ensure that LevelUp isn't just the smartest way to pay, it's also the safest way to pay. It is our commitment to you, our business partners, our users and everyone in between, to ensure that LevelUp sets the golden standard for security in payments.
If you ever have any questions about LevelUp's security, please contact us at email@example.com and we'll route your inquiry to our security team.
A Multi-Pronged, Redundant and Modern Approach to Security
Below you can find more details on how we approach security.
LevelUp is 100% compliant to the letter and intent of all PCI regulations, rules and recommendations.
All sensitive data transmitted to LevelUp is encrypted and stored on secured servers.
All The Security of Your Card
LevelUp is definitely a new way to pay, but it isn't actually a new payment method. It's just linked to your credit or debit card. So at the most basic level, you get all the security of your card PLUS all the security of LevelUp.
No Credit/Debit Card Information Is Stored by LevelUp
We do not store your credit/debit card information on LevelUp's servers. We have partnered with Braintree, a globally respected payment gateway, to leverage their secure vault solutions for all credit/debit card storage. All data sent to LevelUp's servers is encrypted and our servers are protected by industry standard measures. By leveraging Braintree for storage, we are able to add another powerful layer of security to LevelUp.
Triple Token System
The data encoded in the QR code you use to transact is NOT your credit or debit card information. It's a randomly generated token with no meaningful information in it. You can reset it at any time. It maps to a token on our servers which maps to yet another token in the Braintree Vault. Only the combination of these tokens (and two other factors of authentication) can initiate a transaction.
Carry Tokens, Not Payment Data
Our triple token system means that you carry no actual payment data around with you on a daily basis, as opposed to all that live payment data in your wallet right now. This is security on an architectural level. It is perhaps the most fundamental component to our security model. Carrying around live payment data is naturally risky. LevelUp ensures that no live payment data is carried on your person, stored in your phone or delivered to the merchant at any time. We believe this shift to be a necessary progression that will eventually be adopted as standard practice by all modern payment providers to ensure the security of your payments.
Instant Code Reset
Because your QR code is simply a token, and not actual payment data, you can at any time reset your code from within your account online. This will regenerate your code, invalidate the old one, and de-authenticate all devices logged into your account. Simply log back in to get your new code.
Pin Lock Your App
You can pin-lock the LevelUp app by tapping "Settings" and entering a pin-lock combination. Of course, you can always pin-lock your phone too. Or do both.
With each transaction, you get a digital receipt via email and push notification. If something ever looks off, you can reset your code with a single click and stop all activity on your account.
Payment Instrument Never Leaves Your Hand
With LevelUp, your phone (the payment instrument) never leaves your hand. This is not the case with other payment instruments, such as a credit or debit card, where at a restaurant the waiter/waitress will normally remove your payment instrument from the table, disappear for 5-10 minutes and then return. With LevelUp, the waiter/waitress will bring the LevelUp terminal to your table and complete the transaction in front of you. This process-level security improvement eliminates the window of opportunity responsible for the plurality of identity thefts in the United States.
Additional Security Mechanisms
We're constantly working on more ways to make LevelUp the most secure payment method on the planet. Some we'll publish here to help push the industry forward. Others we'll keep private. But rest assured, security is our primary focus.
How Does LevelUp Compare to Other Payment Methods
We pride ourselves on leading the industry standards for security, but see for yourself how we compare to other payment platforms.
|LevelUp||Credit/Debit Cards||Google Wallet||Square||Paypal||Cash|
|Data Encryption||Industry Standards||Industry Standards||Industry Standards||Industry Standards||Industry Standards|
|Human Security||Industry Standards||Industry Standards||Industry Standards||Industry Standards||Industry Standards|
|Risk-Protection Provided By Card Issuer||Sometimes|
|No Live Data Carried in Your Wallet or Phone|
|Data Reset Functionality||Instant||Phone Card Company, Wait For New Card||Unclear||Phone Card Company, Wait For New Card||Email Support|
|Payment Method Leaves Your Hand||Never||Sometimes||Never||Sometimes||Never||Always|
|Algorithmic Fraud Protection|
|What happens if your wallet is stolen?||Reset Code Instantly, Protected by LevelUp, Protected by Card Issuer, No Need to Reset Cards||Phone to Reset All Cards, Protected by Card Issuer||Phone to Reset All Cards, Protected by Card Issuer||Phone to Reset All Cards, Protected by Card Issuer||Lose all cash in wallet|
Security Is A Conversation
If you ever have any questions about LevelUp's security, please contact us at firstname.lastname@example.org and we'll route your inquiry to our security team immediately.
If you’re a computer security researcher, visit our Security Response Page for details on how to securely submit a report.