Security at Float

Built from the ground-up with financial control at the centre of everything we do.

How Float Keeps You Protected

We are committed to protecting our customers’ personal and financial information to ensure the highest level of security and comply with industry standard controls. 

End-to-end data encryption

Float uses advanced security measures that ensure the confidentiality, integrity, and protection of all sensitive data including TLS 1.2 or higher encryption of sensitive data, penetration testing, and vulnerability assessments.

Zero fraud liability protection

Float has you covered so you’re not responsible for fraudulent transactions. Plus, our intelligent software can detect fraud patterns and identify inconsistent behaviour so you’re notified immediately.

Effortless dispute resolution

If you’re the victim of fraud, you can get funds back in as little as 3 business days. You can easily submit a dispute directly in-app and our team will work with you to resolve disputes and ensure your cards are protected.

Funds Held

Product Security

Float’s smart corporate cards are powered by intelligent spend management software that give your team control over who spends what and real-time visibility into transactions. With Float, you can prevent fraud before it happens and pause or cancel cards at any time.

Payment Security

Float has developed an advanced fraud detection and prevention protocol to ensure our customers’ payment security. With 24/7 fraud monitoring and 3D Secure card authorization, you can rest easy knowing your company spending is with Float.

User Management

Float keeps your accounts safe with multi-factor authentication and SAML single sign-on. With dynamic approver roles, you can easily manage the employee lifecycle and ensure only authorized users have access to Float.

Our Security Framework

Security is one of the most important things we do – here’s our framework to comply with industry standard controls and ensure the highest level of security. 

Least privilege

Access to organizational resources and information should be granted on a need-to-know basis.


Organizational security is layered to provide multiple levels of protection.

Risk management

Organizational security is based on an assessment of the potential risks and threats faced by Float.


Float complies with all applicable laws, regulations, and industry standards related to security.

Product Security

We are continuously implementing security measures that ensure the confidentiality, integrity, and protection of all sensitive data.

Float implements encryption, access control, and monitoring to mitigate risks of digital storage not actively being processed or transmitted.

Float uses TLS 1.2 or higher encryption to transmit data. Server TLS keys and certificates are managed through AWS.

Float engages with industry leaders Detectify for penetration tests, who are a fully automated External Attack Surface Management solution powered by a world-leading ethical hacker community.

Float undergoes vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC) to actively monitor threats, including network vulnerability scanning on a period basis, malicious dependency scanning to prevent the introduction of malware into our software supply chain, and Intrusion Detection & Prevention powered by AWS GuardDuty.

Corporate Security

Float is committed to ensuring the highest standards of security tools and training for our product and team.

Float uses Okta to secure our identity and access management. Float employees are granted access to applications based on their role. Access must be approved according to the policies set for each application.

We have implemented firewalls to protect our systems from unauthorized access. Our firewalls are regularly updated to ensure they are up-to-date and provide the highest level of protection.

Our systems are updated regularly with the latest security patches to ensure that any vulnerabilities are addressed promptly.

Our employees receive regular training on security protocols and best practices to ensure they are aware of potential security risks and how to mitigate them.

Float uses a risk management approach to vendor security. Vendors are reviewed and evaluated regularly based on access to customer and corporate information, integration with production environments, and reputational damage. All vendors that we engage with have completed an information security assessment standard such as: SOC 2 or ISO 27001 certification.

Contact Us

Float is always open to feedback, questions, and
suggestions – email us at