diff --git a/docs/partnership/partials/_trust-center.mdx b/docs/partnership/partials/_trust-center.mdx new file mode 100644 index 0000000000..a1603fcf5e --- /dev/null +++ b/docs/partnership/partials/_trust-center.mdx @@ -0,0 +1,4 @@ +:::info Trust Center +Visit [Swan's Trust Center](https://trust.swan.io/) for live information about Swan's security. +Understand security measures in depth, review policies, and find answers to frequent security questions. +::: \ No newline at end of file diff --git a/docs/partnership/protections/data.mdx b/docs/partnership/protections/data.mdx new file mode 100644 index 0000000000..00d85624b6 --- /dev/null +++ b/docs/partnership/protections/data.mdx @@ -0,0 +1,18 @@ +--- +title: Data protection +--- +import TrustCenter from '../partials/_trust-center.mdx'; + +# Data protection + +Because Swan is a financial institution supervised by the *Banque de France*, Swan has a regulatory requirement to [verify the identity of all users](../../topics/users/identifications/index.mdx). +Your users often verify their identity through a short video of their face, which is a great way for Swan to prevent fraud. + +Swan processes and stores these videos with great care. +Videos are encrypted in Swan's systems and stored in European data centers. +User data is never transferred outside of Europe. +Additionally, only Swan teams responsible for verifying identities and teams in charge of compliance with banking regulations can access these videos. + +Swan is required by law to keep data for **five years after an [account is closed](../../topics/accounts/closure/index.mdx)**, in accordance with [French banking regulations](https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI000041577784). + + \ No newline at end of file diff --git a/docs/partnership/protections/financial.mdx b/docs/partnership/protections/financial.mdx new file mode 100644 index 0000000000..819b508ea2 --- /dev/null +++ b/docs/partnership/protections/financial.mdx @@ -0,0 +1,29 @@ +--- +title: Protecting funds +--- +import TrustCenter from '../partials/_trust-center.mdx'; + +# Protecting funds + +Regardless of what happens to Swan, **your money is always secure**. + +This is a non-negotiable requirement of all [e-money licenses](../index.mdx#license) that Swan takes seriously. +Swan protects you and all of your accounts holders with a safeguarding account that offers **two layers of protection**. + + + +## Layer 1: Safeguarding account {#protecting-funds-account} + +All funds belonging to Swan account holders are safeguarded in an account at BNP Paribas, completely separate from Swan's accounts. + +- E-money institutions are **required to hold onto your funds**, meaning Swan **can't invest them**. +- Therefore, **all of your funds** are in this safeguarding account. +- In the case that Swan goes bankrupt, your funds are **secure** at the safeguarding bank. + +## Layer 2: Crisis operator {#protecting-funds-operator} + +In the case that Swan's safeguarding bank goes bankrupt, the [Fonds de Garantie des Dépôts et de Résolution (FGDR)](https://www.garantiedesdepots.fr/en) **protects each account holder for up to €100 000** (one hundred thousand euros). +In English, FGDR translates to *Deposit Guarantee and Resolution Fund*, and it's a French fund that extends to all accounts at French e-money institutions. + +- The FGDR applies to individuals and companies (natural and legal persons) with a few exceptions (for example, banks as legal persons). +- If Swan's safeguarding bank goes bankrupt, Swan's ledger will be the single source of truth and all account holders, regardless of nationality, will be reimbursed by the FGDR. \ No newline at end of file diff --git a/docs/partnership/protections/fraud.mdx b/docs/partnership/protections/fraud.mdx new file mode 100644 index 0000000000..09128aa0da --- /dev/null +++ b/docs/partnership/protections/fraud.mdx @@ -0,0 +1,156 @@ +--- +title: Fraud protection +--- + +# Fraud protection + +Fraud attempts grow more complex every day. +It's important to know about common types of fraud and how Swan works to keep you and your users safe. +This way, you can help your users avoid becoming victims of malicious intent. + +import TrustCenter from '../partials/_trust-center.mdx'; + + + +## How Swan protects you and your users {#swan-protections} + +Your protection is Swan's priority. +Consider the following ways in which Swan keeps you and your users safe. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
AreaProtection
💬 **Contact with your users** ∗Swan never calls your users without previously notifying them. If your users receive an unexpected phone call from Swan, strongly encourage them to hang up and inform you and Swan immediately.
In place of emailing Support, Swan prefers that both you and your users open tickets. The [partner](https://partner-support.swan.io/hc/en-gb/requests/new) and [end-user](https://support.swan.io/hc/en-150/requests/new?ticket_form_id=18444696903837) support forms initiate a secure way to communicate about sensitive topics.
Swan doesn't request sensitive personal or account information by phone or email. Your users might be asked to verify their name or phone number, but nothing more.
🔐 **Authentication** and **Consent**To access Swan platforms, you and your users must [log in](../../topics/users/index.mdx#login). If there's no activity for a set time period, you're [automatically logged out](../../developers/index.mdx#ttl) to ensure the security of your account.
Swan uses a mix of biometrics, passcodes, and one-time passwords to secure access to Swan platforms.
You and your users must [consent](../../topics/users/consent/index.mdx#sensitive) to all sensitive operations.
💶 **Payments**Swan offers [single-use virtual cards (SUVs)](../../topics/cards/virtual/index.mdx#suv). Consider prioritizing issuing SUVs as it's more difficult to use them fraudulently.
You and your users can save [trusted beneficiaries](../../topics/payments/credit-transfers/index.mdx#beneficiaries). Only eligible account members can send credit transfers to unsaved beneficiaries.
When making online payments, you and your users are required to complete [3-D Secure (3DS)](../../topics/payments/cards/index.mdx#3ds), an extra security layer when paying online. Please note that 3DS might be bypassed if Mastercard deems a payment low risk.
+ +∗ *You, your users, and Swan each have a direct relationship due to the [three-party partnership model](../index.mdx#model). +As a result, Swan can contact your users directly, when necessary, under strict privacy guidelines.* + + +## Common types of fraud {#types} + +### Account takeover (ATO) {#ato} + +Account takeover fraud occurs when those committing fraud gain control of a victim's payment account, and then use the account to perform unauthorized actions. + +:::note Tips to combat ATO fraud +- Keep account **login information secure**. +- Use **strong, unique passwords** and passcodes. +- **Don't share account details** by email, phone call, or text message. +::: + +### Authorized push payment (APP) {#app} + +With APP fraud, those committing fraud trick victims into sending money from the victim's account to a legitimate account managed by the malicious actors. + +They impersonate trusted organizations or people—including people your users may know—and convince victims to transfer sizable sums of money urgently. +APP fraud often occurs by email or over the phone. + +:::note Tips to combat APP fraud +- **Contact the organization or person directly** in a new email or phone call to ask about the request. +- Don't do anything **urgently**. +- **Check links before you open them**. Is there a spelling error or typo in the domain name? Are there extra characters, letters, or numbers in the link? +::: + +### Card {#card} + +Those committing card fraud **steal virtual card details**, such as card numbers and card verification values or codes (CVVs or CVCs), or **actual physical cards**. +Then, they use that information to make payments online or by phone, where the purchaser's physical card or presence isn't required. + +Types of card fraud include **remote purchase fraud**, **card not present (CNP) fraud**, and any activity with **lost**, **stolen**, or **misplaced cards**. + +:::note Tips to combat card fraud +- Only enter card details on websites with a **secure connection**. +- Only enter the card number and security code into **fields designed for those numbers**. Don't enter card details in free-text fields, which are open for any type of text input. +- **Block (cancel) lost or stolen cards immediately**. If you use Swan's Web Banking, send your users the [Support Center article about blocking cards](https://support.swan.io/hc/en-150/articles/18538920070045-Blocking-your-card). +::: + +### Chief Executive Officer (CEO) {#ceo} + +CEO fraud, also known as business email compromise (BEC), is cybercrime where individuals impersonate a company's CEO or other top executive. +These individuals send **convincing emails** to company employees that seem to require **immediate and urgent attention**. +In the email, they might request the employee to transfer funds, provide access to secure portals or documents, or otherwise reveal confidential information about the company. + +Consider the following example: + +> Subject: Urgent financial matter (confidential) +> +> Hi Alex, +> +> There's been an urgent development and we need to pay an invoice immediately. +> I'm in a critical meeting and can't send this transaction myself. +> Could you please handle this right away? +> +> *includes transfer details* +> +> Let me know when it's done. +> +> Thanks,
+> Jules
+> CEO, MyBrand +
+ +:::note Tips to combat CEO fraud +- **Confirm the email address**. Is there a spelling error or typo in the executive's name? Are there extra characters, letters, or numbers in the domain name? +- If you've received other emails from this executive, **does this email look like the others**? Or are there slight differences in style, spacing, and voice? +- Even when a request comes from an executive, **never bypass established security measures**. +- **Contact the executive using another channel**. If you received an email, for example, try calling or sending them a direct message on the company's messaging platform. +::: + +### Phishing {#phishing} + +Phishing involves those committing fraud impersonating legitimate organizations, such as companies or governmental agencies, through email or text message. +They attempt to steal sensitive information, including user names and passwords, government ID numbers, financial information, and more. +Phishing emails and text messages can be quite convincing, often including links to websites that look almost identical to the organization's real website. + +:::note Tips to combat phishing fraud +- **Contact the organization directly** in a new email or by phone to ask them about the message you received. +- **Check links before you open them**. Is there a spelling error or typo in the domain name? Are there extra characters, letters, or numbers in the link? +- **Open websites directly** in your browser instead of clicking links included in an email or text message. +::: + +## Report fraud {#report} + +:::danger Report fraud +If your users are victims of fraud with their Swan payment accounts, they need to **file a fraud dispute with Swan**. +::: + +Share the dedicated Support Center article to help your users file their report: + +- [English](https://support.swan.io/hc/en-150/articles/17099978406045) +- [Dutch ***nederlands***](https://support.swan.io/hc/nl/articles/17099978406045) +- [Finnish ***suomi***](https://support.swan.io/hc/fi/articles/17099978406045) +- [French ***français***](https://support.swan.io/hc/fr/articles/17099978406045) +- [German ***deutsch***](https://support.swan.io/hc/de/articles/17099978406045) +- [Italian ***italiano***](https://support.swan.io/hc/it/articles/17099978406045) +- [Portuguese ***português***](https://support.swan.io/hc/pt/articles/17099978406045) +- [Spanish ***español***](https://support.swan.io/hc/es/articles/17099978406045) \ No newline at end of file diff --git a/docs/partnership/protections/report-vulnerability.mdx b/docs/partnership/protections/report-vulnerability.mdx new file mode 100644 index 0000000000..ba13a8582d --- /dev/null +++ b/docs/partnership/protections/report-vulnerability.mdx @@ -0,0 +1,87 @@ +--- +title: Report a vulnerability +--- +import TrustCenter from '../partials/_trust-center.mdx'; + +# Report a vulnerability + +Swan prioritizes offering secure services and protecting all Swan accounts. +Researchers and the Swan community are encouraged to report all security-related issues. +Swan thoroughly investigates all reports internally while coordinating with you to fix the issue and prepare a responsible disclosure. + + + +## Report a vulnerability {#report} + +To make a security vulnerability report, email security@swan.io with the full details, including steps to reproduce the issue. + +If you'd like to encrypt the email (not required), please use the provided GNU Privacy Guard (GPG) key, attributed to Swan's security team. + +
+ Encryption GNU Privacy Guard (GPG) key + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGMRwxMBEADX+27SleleHaxYfU0ey+qH3KS3rS/L52xOKGyMDXtGw38mNWyn +6P7JvIcx86ti4HkplYRAw36FZSAK9NGSM2tnjfVzv7oJKhWg5EI/9gPQpKPktDQS +xaD7ImGBuF42u0b7eJK5AvAizQ8RwMaKezo84gDMZdRkV4vPiWTxUH23uwD0ey57 +13JjrzLqrr3t1ZkXE52nt+h89LR6q/78IJwtCHb/ZhHCw/giI37Ix25+MlVDrIB8 +0mltoyUm/bFtR01hX97116KR4T4WhGJMackDG3AULm4YjPxBUQiuMWn+4DR+CBde +xKrq+v2Q85/dq3HRaZ+Z3a2d7Yenne9AyTp19gCEy6+4ld1j170Cj7V7auB/bJcw +8Mzkd6JS02XWcC0Aq961AM7EQ6DZom+Q8lyqdRIjTI/QjWZSULQNusd7vJvFdEz3 +Bd6YIFeC7chodN9TIaCOfJJJJIoN2ntB69uX2cyYtIr/keNkIL/vOgbwTfm0CviP +h76GFgN1YiwJ4JGe4DmATmjBDtRf6SUalXL3fQeP6eBCnEPh3paCx3RyWkThme4L +rbYR8EqFV9ipVnUTdN4i1IgVn5rydVpqqJd9zmN5Jk+xvgbthy1gxPFNFt26ZAXE +FrbI/Xx0g6fNhN+51Z93OP2ckPT6+MkoZjB7WMiA5NsgeiAop3GTMYZdiwARAQAB +tCVTd2FuIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QHN3YW4uaW8+iQJOBBMBCAA4 +FiEEhpdeLqFNMSQgGJ+O1VBNzkad0mwFAmMRwxMCGwMFCwkIBwIGFQoJCAsCBBYC +AwECHgECF4AACgkQ1VBNzkad0mxl4Q//TWMc2wPuYnr/m896IQqhUUzp+9jBb1/v +0a19J/aCRPw72i10az5PDXFpagPUE2gQoeTxT3A/0Sg9zYc2TBT0iP+zrj9GD1/W +K0zM1efolRIHlUyOjyFjLAn6RNXKg8lyhWCv88hNSoKQ88bW3+GG3bnO1R+mPgCe +m1AIQQE0pBP/I0K3XpLDQvdY22vkWpcXNbULjcirHG6JRWfJmlYhGRLQnAFdzzG4 +afzD5k97fxdChJz78hpoUbmD9EZMbcoOgCQJyodzYQevwNDQ89SBLh2wQT9Bzm3y +EE/vsqMG0aYKh0r6L9XfqPxTahcpEKT42mvkCLlmWy+HlEvicME9BStGST7C/a7I +wpUx4nuqdPB4GIgxgOkaBbkotgxCammDe3qjQjtIRs/h7AhG/rXhNni1kzeQSZ5u +SPvnkaUJvnT8tEQw+dU31z2MWq7M8LRgMsi4nKhDPpKBLH/ITGpTbyDCa1cPKTKD +ey468x+8uJl+s1w/9Xg4pyT1fcBPzcc131gWykO6cqT9szITu518zBY2Hw54ywzf +fHWJjI6sZ+ggYnj4ELVcLswIpPU2yWI6pXU+Ume8tHJvAAqyrqPqcyORNPZrwBjw +AOMHB1RpFwqmyY8XbMUzFB/m1WnH29mbDS7UhWvqGpUeKfuowBZs8tDAR5YjJh32 +3+2luh0mmOO5Ag0EYxHDEwEQAO5Z0iGFmLsSC/dWWXSYjOOuQM+S12iF7ot9grEY +Pjlr4GqI2jhh7u/QuSCyvp54yF3DkAGT8on/IYv7PksnPOw32apWqinADGJWYCAD +NgPMxo019+qGWbf4qUUooWLots0VJjCNhF2OPGmSGv5c/O1gespAC1E1CX5wgPEn +hSkU1kUACauXyJYrs4tL5VKOcx1Km4J3kyCJYyE9RfTC5s0KovI/qKGgcCqFO4Bv +iqT4aTbkhPdbztMPRgUobd3UoHyMA+lvAHnyOix47U+LQ43BMuHRuF0g3z8gpx4j +6RdJoqueLg/tMuRJ250kUU8bWpXEmOUjH1dZkT6m03Ez6oIFvxCTiPEe9VveXZkH +przs4L+AdnAaAsOD4joz0kqD7Wu16yw0TPubJpYV+TWzo854gLqFIdR6hoAnY78U +d6thq4kPHkZqG0qIqcfpvBKBxli4Ecza7utwYCSDkW7C5c9hGV8TtE6Sj4sh/oZP +YXIjb9iNcLhD1Npnli6fUs1Uf5P0aedU1TLSunI1tzGr4gD6HqJX4BXc1TKQKPrL +sRtscfdAHPy+QFLhK59ALalvvDwAHqu/EhlOi8xypBAhOAe3seAL7QYE8wNaVh0F +qBmI363JEum0Cv7ObGUlPta/bEIRjnI0TbwsX+Bpt3QB51/1j1f8MYKKToOr6m4D +DrK1ABEBAAGJAjYEGAEIACAWIQSGl14uoU0xJCAYn47VUE3ORp3SbAUCYxHDEwIb +DAAKCRDVUE3ORp3SbK6CD/9+SWRPjIiAgSELmUBOCrJf4dl6wuJhuJumFrlO2CMb +u7bfNg/P3eO533cF5SACH00t7qtgYWh/ykix3r+8nbbXGBX5PAo2FG2yVb8xiodQ +wL8A6Wxa4XAQ0pFlQ3gWxMEvDmDJoCd3JvLAtdOxh0ytgLYENDz284sxdJp6t5F9 +PwIc/eGPxIdfUdG82G9VM2TlYu59Glm1IhJy47CTzcqSiSn/kTmco628p9qI2aBh +7uyePaVXcJa9mz6KQos8HUlK4CRD/O7zNsAztl6MjTgJaTUfPj0qMZ2zMFelpj+F +PoNEAuI28x5l89R+7+i+8Q4Pre6XLptVpbaNSrda5pc17hBTpNl7jpn0gcZbkto3 +OIk32GFbSJnP/EFqoicEDHnzhRoDPoay5okwW5bWDA5xNseHTrwdyEm5hmF5GfsD +xTeKTuphDxquHTPNaG2Z1Hx69J6bWtVlg7FTxhA9EN0lgnJSqQqy1T2EsbgjpsUx +4AocHZFOWGl4lsGROn7XZfvq8L04Kt6pBL41KW83GwscJQBDvDxNquZSw0bfBN0k +g1+djZnolh3dHGzMHkAn1l664UDije1+zrRLr0ucA+MavlEKBsB5ZskgnaWVeYaY +QJL+JSPQ3KKh6YdpZO9ppOnx9eDgl4/Cok/9OYyG+n+444KZZ3Pw+zKlcPd9SrW7 +Ag== +=LEk2 + +-----END PGP PUBLIC KEY BLOCK----- +
+ +:::tip Please file a report if... +1. You think you discovered a potential security vulnerability in Swan's APIs or services. +1. You are unsure how a vulnerability affects Swan's APIs or services. +1. You think you discovered a vulnerability in another project that Swan depends on. +::: + +:::danger Please don't file a report if... +1. You need help fine-tuning Swan components for security. +1. Your issue isn't security related. +::: \ No newline at end of file diff --git a/redirects.js b/redirects.js index 55740867e4..95e822a64f 100644 --- a/redirects.js +++ b/redirects.js @@ -442,4 +442,8 @@ module.exports = [ from: "/topics/accounts/documents/guide-upload", to: "/topics/accounts/documents/guide-upload-onboarding", }, + { + from: "/partnership/overview/protections", + to: "/partnership/protections/financial/", + }, ]; diff --git a/sidebars.js b/sidebars.js index c461ee86f6..b48dd38163 100644 --- a/sidebars.js +++ b/sidebars.js @@ -532,11 +532,22 @@ module.exports = { collapsed: true, items: ["partnership/overview/guide-orias"], }, - "partnership/overview/protections", "partnership/overview/rules-regulations", "partnership/overview/country-coverage", ], }, + { + type: "category", + label: "Protections", + collapsible: false, + collapsed: false, + items: [ + "partnership/protections/financial", + "partnership/protections/fraud", + "partnership/protections/data", + "partnership/protections/report-vulnerability", + ], + }, { type: "category", label: "Document center", diff --git a/styles/alex/ProfanityUnlikely.yml b/styles/alex/ProfanityUnlikely.yml index a4f55b392f..f6c4fbcacd 100644 --- a/styles/alex/ProfanityUnlikely.yml +++ b/styles/alex/ProfanityUnlikely.yml @@ -117,7 +117,6 @@ tokens: - fire - firing - fore - - fraud - funeral - fungus - gay @@ -202,7 +201,6 @@ tokens: - redlight - refugee - reject - - remains - republican - roach - robber