Trippeo security, seriously

Published in

Trippeo Blog

3 min readJan 12, 2016

If you want to participate in 2016, you have to have some kind of presence on the Internet. Your marketing is there, your potential hires are there, and most importantly, your financial information is there. Like all new frontiers, the Internet is threatened by a degree of lawlessness. But Internet bandits tend to target less obvious gold: SIN numbers, personal data, and of course, banking information. So how can you be sure that the information you’re compelled to share the with companies that make your business better, simpler, and more efficient is secure? More than just secure… absolutely secure?

Trippeo wants to fall in the “absolutely” column. There are lots of basic things that we’ve adopted to keep the bad guys away. Not storing any of your banking or credit card information on our servers and having SSL certificates, for example. Even with nothing of fiscal value for these outlaws to steal, we still encrypt your data and password, because your information is yours. On top of that, we only collect the personal information that we absolutely need to do our jobs. And this is just a few of the basic lengths we’ve gone to to protect you. We’ve listed a few of our “above and beyonds” below.

1) Our password requirements are stringent

Data doesn’t lie: we’re not actually very creative when it comes to passwords. An overwhelming amount of people use things like the names of their kids, their birthday, or some other significant date or relationship in their life. Which is kind of beautiful, if you think about it. But it’s also not very complex (sorry), and not that hard to guess. To up the difficult factor, we’ve made all passwords to have a minimum of 8 characters and have a combination of numbers and uppercase/lowercase characters.

2) We routinely audit our security

We regularly team up with third-party security agencies to try and break down our doors. They haven’t succeeded yet, but they do find some weaknesses that we weren’t previously privy to, and that saves us (and our users!) a lot of grief in the long run. In addition to detailed reports, they offer a number of solutions that we can refine and implement, so no one knows exactly how we’ve chosen to solve the problem except for our own team.

3) You’ll never lose your receipts or expense reports

Our service has been designed for high user availability, with redundancy built into every level of our hosting infrastructure. All our customer data is backed up daily, which means that if you were to lose all your receipts and suddenly get audited, you can count on us to have your record of purchase stored.

4) We partner with the best

We work with Yodlee to enable Trippeo to automatically gather your bank or credit card transactions on a daily recurring basis. Yodlee is part of the FFIEC Supervision of Technology Service Providers guidance, which means that their security system is constantly examined by multiple agencies and regulators that try to break and corrupt them, and then they iterate on those findings. Any company that makes work for itself in the name of keeping things safe has a real commitment to security.

Conclusion

Security is serious business. We simplified a lot of processes in this post to make it clear to our customers and those evaluating our product that we’re taking extreme lengths to make sure that their interests are protected. If you take anything from this article, let it be that we have an entire ecosystem of teams working to protect you.