Your Security is Paramount at Stuypend
We combine best-in-class security technology with common sense measures to keep you safe when using Stuypend. It is important to know that Stuypend never receives your banking information and that you will authenticate directly with your bank, not Stuypend.
Stuypend is built on the Dwolla API provided by our ACH technology provider, Dwolla Inc, together with their network of bank and financial institution partners. Dwolla connects you securely with your bank over an encrypted channel so that your credentials are authenticated directly and only with your bank (learn more about Dwolla's security here and here).
This encryption also means that even Stuypend doesn’t receive or store your banking credentials. We are unable to access your banking information and therefore no banking information is kept on Stuypend’s servers, or on your device.
Instead, your bank will issue Stuypend a randomized token after you have authenticated that allows you to initiate payments through the app.
To prevent unauthorized purchases, the Stuypend app can be secured with a PIN code or fingerprint lock on devices that support fingerprint scanning. We strongly recommend setting up one of these options to keep your transactions secure, and using one of these options or a password to lock your phone as well.
Customer users confirm purchase amounts on their phone before the transfer is initiated, ensuring that payment amounts are correct.
Finally, Stuypend limits the total amount of payments that can be made per day to $50 by default. This amount can be changed in the app’s settings after entering your pin.
All data transfers through Stuypend (data in transit), and all the information that is stored on our servers (data at rest) are secured using strong encryption.
Encryption is an important tool for keeping data safe online and it's important for users to have knowledge of how it works. Here are good resources from non-profit Mozilla and the BBC.