Count on Moss to keep your funds and data safe
BaFin-regulated, ISO/IEC 27001:2022 certified platform, and advanced security features keep your financial operations protected, every step of the way.

Keeping your money safe
Moss guarantees business continuity by safeguarding your funds with Deutsche Bank, under BaFin supervision.
Keeping your data safe
Moss prioritises privacy-first practices, protecting sensitive data and upholding GDPR compliance.
Making compliance simple
Moss complies with all legal and regulatory requirements of an e-money institution, meeting the highest standards for compliance.
Trusted by finance teams at Europe's leading companies
1.
Trusted standards and security
Built to meet both local and global standards
Moss operates under the highest industry standards and regulations. From regulatory compliance to operational security, Moss ensures your funds and data are always protected.
- BaFin-regulated financial institution under PSD2 framework
- ISO/IEC 27001:2022 certified
- Compliant with Digital Operational Resilience Act (DORA)
2.
Protect every transaction, every time
Security features built into every step
Advanced security protects account access, task approvals, and payments.
- Multi-factor authentication: Extra layer of login security
- Biometrics: Access and approval verification
- 4-Eyes Principle: Multi-level approvals for sensitive actions
- SSO for organisation-wide access management
3.
Trusted global partnerships
Strength through strategic partners
Moss collaborates with regulated partners to ensure secure and compliant payments, giving you confidence that your funds and transactions are always protected.
- Deutsche Bank safeguards EU funds
- Barclays and Bank of England secure UK funds
4.
Data security and privacy
Privacy-first data protection
GDPR and privacy-first practices safeguard your data and ensure transparency.
- EU data hosting
- Regular independent security tests and audits, including monitoring by Ubiscore
Pay as you grow
Our pricing model is unique—just like your business. Design your ideal package: start with a base like Corporate Cards, Employee Reimbursements, or Accounts Payable, enhance with add-ons like Advanced Accounting or ERP integrations, and upgrade to an integrated suite when you're ready.
Best-in-class customer service, mobile app, and all the financial integrations you need to start effectively managing your spend.
Maximise spend efficiency and control with unlimited cards, customisable limits, and automated receipt fetching.
Make submitting reimbursements quicker and easier through streamlined upload and approval, and employee payouts directly from Moss.
Streamline accounts payable flow with customisable review process, effective supplier and OCR based automation, and one-click payments.
Improve financial oversight through budget tracking, spend insights, and greater flexibility in your approval flows.
Simplify purchasing through real-time budget oversight and efficient handling of purchase requests.
Native integrations to your ERP system, including support for any controlling dimensions that your business uses.
Enhance your pre-accounting experience with AI based automation, project-specific tracking, or the setting of mandatory fields.
FAQ
How does Moss ensure the security of its platform?
Moss integrates advanced security measures, including regular penetration testing, secure software development practices, and continuous monitoring, to protect our platform and customer data from emerging threats.
How does Moss protect customer data?
Moss protects data through industry-leading encryption protocols (TLS 1.2+ for data in transit and AES-256 for data at rest), strict access controls, and secure hosting exclusively on Google Cloud Platform (GCP) in Frankfurt, Germany. Continuous monitoring and regular audits further ensure the confidentiality, integrity, and availability of data.
What measures are in place to ensure business continuity?
Moss has a robust Business Continuity Plan (BCP) that includes infrastructure redundancy, regular backups, and disaster recovery strategies. These measures ensure the uninterrupted operation of services and swift recovery from unexpected disruptions.
How does Moss respond to security incidents?
Moss follows a comprehensive Incident Response Plan, which includes early detection, containment, resolution, and post-incident reviews. These processes are designed to address threats quickly while continuously improving our response capabilities.
How does Moss ensure vendor security?
Moss conducts rigorous due diligence and regular security assessments for all third-party vendors. High-risk vendors undergo additional scrutiny to ensure compliance with our stringent security and regulatory standards.
What security training do Moss employees receive?
All Moss employees complete regular security awareness training, including phishing simulations, to stay informed about the latest threats and best practices.
How does Moss encrypt data?
Moss uses Transport Layer Security (TLS 1.2 or higher) to encrypt data in transit and AES-256 encryption for data at rest. These measures protect data from unauthorised access and ensure secure communication and storage.
Where is customer data hosted?
Customer data is hosted exclusively in the European Union on Google Cloud Platform (GCP), with Frankfurt, Germany, as the sole data processing region. This ensures compliance with GDPR and other EU regulations. See our security whitepaper for more details.
How does Moss manage data backups?
Moss performs incremental backups daily and full backups weekly, securely stored on Google Cloud Platform (GCP). These measures ensure rapid recovery in case of data loss or disruption.
What should I do if I suspect a security issue with Moss?
If you’ve identified a potential security vulnerability, please report it through this form. We appreciate responsible disclosure.
G2
4.7
Experience modern spend management with Moss.
