How doxo Protects Your Security
doxo Provides Financial-Grade Security
doxo utilizes security technologies and methods that meet or in many cases exceed those used by banks, brokerages, and other financial institutions. Critical data and documents are always encrypted and stored securely. doxo systems are built by a team with deep experience developing secure, highly reliable transaction processing systems – systems that have processed billions of online and mobile transactions.
doxo is designed to increase the security and privacy of your data.
Mail, notes, files, bills and critical paper documents often contain sensitive and personal information. Unfortunately, paper documents often are stolen or become compromised. According to Javelin Research, 90 percent of consumer data theft and compromise occurs via OFFLINE channels and not via the internet.
doxo continuously monitors all accounts, takes action as needed to protect our systems and data, and notifies you if we identify security issues related to your account. Security protections for your data and documents include:
- doxo utilizes financial institution level security encryption. doxo systems use RSA 2048 encryption with an AES-256 symmetric key.
- doxo systems are operated in a distributed data center with security monitoring and protection 24 hours a day, 7 days a week.
- You register anonymously. doxo does not require your name or any personally identifiable information.
- Your login credentials are always encrypted.
- You are automatically logged out of your account after a period of inactivity.
- Your security image (which you select when you create your doxo account) is always used to prevent phishing attacks. You should never provide your password unless you recognize your security image.
- Any attempts to access your account from an unrecognized machine are always challenged with an additional security question (which you select when you create your doxo account). No access is ever granted on any unfamiliar machine unless your security question is correctly answered.
- doxo provides alerts and notifications to increase your security. You are notified of key account activity like the receipt of documents.
Connecting on doxo protects your security and privacy.
When your providers are on doxo, you can connect with them and go paperfree, so that they send electronic documents to you directly on doxo. Connections on doxo are one of the key methods that protect your security.
- You always decide when and if to connect with a provider. No provider can connect with you on doxo at any time unless you approve.
- Each time you choose to connect with a provider, you identify and verify yourself to the provider with your own account credentials and information. Providers independently confirm your credentials and identity before a connection is established.
- No provider can ever send information to you on doxo unless you have connected with them. You can disconnect from a provider at any time.
- You always receive notification when a connection is established (once approved by a provider) or terminated.
- Once connected, information or documents that your providers send is always encrypted and delivered through secure doxo systems.
- doxo always validates the source of documents received and confirms that they have a connection to you on doxo before they are delivered into your doxo account.
- Once connected, providers can only use doxo to send you information. Providers can never access or retrieve information from you or your account unless you initiate the action. doxo never pulls any information from your accounts with your Provider that they do not send.
How you can protect your doxo account
The leading cause of online security failure is when personal access credentials are compromised. The following guidelines are your best means to protect your doxo account:
- Don’t ever share your doxo username or password with anyone.
- Make sure that your password is hard to guess. Doxo strongly recommends that you use a password that is complex, with both numbers and capital letters.
- Any time you suspect your doxo credentials may have been compromised, you should immediately change your password.
- You should never provide any account information or access credentials in an email. doxo will never request that you send us any critical account information in an email.
- When you are accessing your doxo account (or any other site where sensitive information is shared), make sure you have a secure internet connection. The web address or URL for a secure site, which uses encryption to protect transmitted data, will always begin with “https:” instead of just “http:”
- Carefully monitor your account and review the notifications you receive from doxo regarding your account. These are your best means to identify any unusual activity.
- Always log off when you are finished using your doxo account (as an additional protection, doxo systems will automatically log you out after a period of inactivity.)
- Be certain that you have anti-virus protection, anti-spyware programs, and a personal firewall on any computer you use to access doxo.
- Don’t install programs from people or companies you don’t know.
- For any documents you upload into doxo, you should always shred any physical copies before recycling them. You can always print them later from your doxo account if you need a paper copy.
Keep in mind that the vast majority of fraud and information theft is conducted through low-tech methods such as mail theft, or someone rifling through your trash. By creating an account and storing your information in doxo, and by carefully monitoring your account activity, you greatly reduce your risks.