Fraud protection
Fraud attacks grow more complex every day. It's important to know how Swan works to keep you and your users safe, as well as how to prevent, react to, and report suspicions of fraud.
Review the page covering common types of fraud to understand types of fraud your users might face.
Visit Swan's Trust Center for live information about Swan's security. Understand security measures in depth, review policies, and find answers to frequent security questions.
Swan protects you and your users
Your protection is Swan's priority. Consider the following ways Swan strives to keep you and your users safe.
| Area | Protection |
|---|---|
| ∗ Contact with your users | Swan never calls your users unexpectedly. If a user receives an unplanned phone call from Swan, strongly encourage them to hang up, then inform you and Swan immediately. |
| To keep communication with you and your users secure, Swan prefers that both you and your users open tickets instead of emailing Support. The partner and end-user support forms initiate a secure way to communicate about sensitive topics. | |
| Swan might ask your user to verify their name or phone number to confirm their identity. Any other requests for sensitive or account information occur through secure tickets and exclusively for valid reasons, such as an enhanced transaction review. | |
| Payments | Swan offers single-use virtual cards (SUVs). Consider prioritizing issuing SUVs as it's more difficult to use them fraudulently. |
| You and your users can save trusted beneficiaries. Only eligible account members can send credit transfers to unsaved beneficiaries. | When making online payments, you and your users must complete 3-D Secure (3DS), an extra security layer when paying online. Please note that Mastercard might bypass 3DS if they decide a payment is low risk. |
| Authentication and Consent | To access Swan platforms, you and your users must log in. If there's no activity for a set time period, you're automatically logged out to ensure the security of your account. |
| Swan uses a mix of biometrics, passcodes, and one-time passwords to secure access to Swan platforms. | |
| You and your users must consent to all sensitive operations. | |
| One time every 24 hours, your users are required to acknowledge a fraud warning before consenting to a transfer. |
∗ You, your users, and Swan each have a direct relationship due to the three-party partnership model. As a result, Swan contacts your users directly, when necessary, respecting strict privacy guidelines.
Managing fraud
The Swan Support Center includes several articles written for your users to help them reinforce their safety online. The information mirrors the information shared here, but it's adjusted for the end-user experience. Each article also includes how to report fraud.
Prevent
Preventing fraud is a critical responsibility shared by you, your users, and Swan. Follow these tips strengthen your product integration and help your users avoid falling victim to fraud.
🧠 Know what fraud looks like.
Fraud often looks close to the real thing, but not quite. Any time a communication feels suspicious, evaluate it closely, applying the actions described in this section.
Learn about different types of fraud and how they're attempted. Review the page covering common types of fraud, and stay informed about new ways fraudulent individuals are trying to trick people.
⏳ Don't respond urgently.
Fraudulent individuals try to pressure you and your users into believing that their request is urgent and must happen immediately. Don't fall for it. Instead, follow established processes. Don't let fraudulent individuals convince you to bypass processes due to urgency.
💬 Use a secondary communication channel.
If you're concerned about a request, it's never a bad idea to confirm with the person or organization who sent the request in another way. Don't hesitate to contact them through another communication channel.
If they called you, email them. If they emailed you, call or text them. You could also contact them on a social media platform you know they use and control.
🔎 Double-check.
If a request feels suspicious, it never hurts to double-check. Check for typos or errors in names, websites, email addresses, and messages. If you receive a phone call, consider whether it sounds authentic.
When requests include a link, hover over the link and look in the bottom corner of your browser to confirm the link looks legitimate. You could also open a new tab or window and search for the website on your own instead of opening the link provided.
🔐 Protect account information.
You and your users have a lot of control around protecting your account information. Use unique passwords and passcodes every time. Store them in a secure password manager.
Consider making multi-factor authentication (MFA) or two-factor authentication (2FA) mandatory for your product, and activate it for personal use for any app you can. Help your users understand that activating MFA or 2FA is like adding a second lock to a door, for which the key is a one-time password texted to you or a code from a secure app. While MFA and 2FA add an extra step to logging in, they increase online safety significantly.
Pairing strong password hygiene with MFA or 2FA keeps your information much safer.
Never share login information using insecure channels, like text message or email. If you need to share login information with someone you trust, use your password manager's built-in sharing feature.
☑️ Stay up-to-date
Keep the software on your computers, phones, and other devices up to date. Software providers regularly improve built-in safety measures, so take the time to install updates.
Review Swan's Changelog regularly and update your integration accordingly so your product remains secure.
Putting these tips into practice can help you and your users to prevent fraud as online fraudulent activity becomes increasingly prevalent.
React
If you or your users suspect fraud, please react immediately. Remember, Swan never contacts you or your users to transfer money outside of established Support channels. As a Swan Partner, you also shouldn't contact your users to transfer money.
If a request feels urgent, your users should contact the requester using a second, previously known communication channel. For example, if your user receives an email request, they should call the requester using a phone number they already have—not a phone number provided in the original email.
Swan invites you and your users to be SAFE, not sorry (borrowing from the Yale University Information Security Office). Encourage the following behavior from your users, and practice it yourselves.
| Action | Explanation |
|---|---|
SSee something suspicious? | Pay attention to how you feel about a request, and encourage your users to pay attention, too.
|
AAct quickly | Report the incident to Swan right away. Don't wait, don't be embarrassed, and don't let someone talk you out of your gut feeling about the incident. However, don't respond quickly to the request. Wait to transfer funds or provide information until it's confirmed to be a legitimate request. |
FFollow instructions | Provide Swan with all requested information as quickly as possible. Stay actively responsive as Swan follows up on the incident. |
EExercise discretion | Be careful until you know the account is secure. Reset passcodes, limit account membership permissions, and anything else you feel might protect you until the incident is resolved. |
Report
If your users are victims of fraud with their Swan payment accounts, they must file a fraud dispute with Swan. You can also alert Swan to suspected fraudulent activity.
Reporting fraud to Swan is urgent and mandatory.
Swan processes fraud disputes based on criticality. All fraud disputes are analyzed, but they're not all accepted. Swan responds as quickly as possible.
Share the dedicated Support Center article to help your users file their fraud dispute: