Security improvements for customers

Security improvements for customers

At Shakepay, we're always working hard to improve the security measures our customers benefit from when using our app. This work never stops and we're constantly iterating on the products and processes we use internally.

The data incident we had in December of last year that affected a small number of our customers is an opportunity to openly discuss some of this recent work. 

Here’s a quick update to share what’s changed.

Passkeys

We announced the integration of passkeys making Shakepay one of the first Canadian financial services companies to support passkeys for all customers.

Passkeys are a more secure form of multi-factor authentication that provide stronger protection against phishing attacks compared to traditional two-factor authentication methods while also allowing for a simpler sign-in experience. 

Face authentication to authorize transactions

For certain activities that pose higher risks to customers, like withdrawing large amounts to the blockchain, customers will now be asked for face authentication. We know that a simple 2D selfie won’t provide the highest level of security, so we have implemented 3D face verification software.

Customers will be asked to verify the transaction with a selfie, similar to the selfie asked during onboarding. The flow should be super quick allowing transactions to be approved within seconds.

Anti-phishing codes

At the bottom of all account activity emails, you’ll find a unique anti-phishing code that you can copy and paste into the Shakepay app to verify that this email was truly an authentic communication that came from Shakepay. 

Fraud monitoring and alerts

We’ve improved fraud monitoring and alerts.

  • Increased logging and visibility around access to internal accounts by Shakepay team members, including a full review of internal access to systems we rely on
  • Improved volume and behavioural based alerts to detect and prevent suspicious access to customer information
  • Better data loss prevention to track any and all data through its entire lifecycle
  • Enhanced monitoring for suspicious activity related to new devices and geographic considerations 

Your role in security

While we’re working hard to do our part, we’re also committed to educating our customers on how to best protect themselves. To keep your account safe, make sure to:

  • Set up two-factor authentication (2FA) using an authenticator app for your account (Bonus points: consider adding a passkey and deleting your password altogether)
  • Only sign in to your account through our official app or website
  • Be careful with suspicious links asking for your sign-in details
  • Use the in-app chat to talk to someone from our team 
  • Use anti-phishing codes to verify that communications regarding your activity in your account are really coming from us 

Remember: As of now, we don’t offer direct customer support by phone. This means a member of our team won’t call you directly to walk you through different steps or request a money transfer. 

If this were to change, you would be notified immediately, with step-by-step instructions on how to make sure you’re talking to a member of our team. 

Looking ahead

2024 is already shaping up to be a great year, and we’ll continue to improve Shakepay to  provide industry-leading trust and security to our customers.