Security at One
At One, your account security is important to us. We use different tools and strategies to keep your One account secure.
Encryption
One protects data with 256-bit AES level encryption. All accounts are protected by requiring multi-factor authentication for login, as well as a multi-layered risk and anomaly analysis of each login attempt. In addition, customers can use biometric identification, such as Face ID and fingerprint authentication, to open the One app after their first login.
Notifications
One customers may receive alerts regarding actions taken on their account. To receive these alerts, turn on notifications during account setup or in your phone's settings.
Instantly block transactions
If your card is lost or stolen, report your card as Lost or Stolen within the One app to deactivate it and prevent unauthorized purchases:
- Select the card icon from the One Cash section of the One app
- Tap Replace card
- Select My card was lost or stolen
- Verify the mailing address where we will send your new card
- Select Replace My Card and confirm your request
You can also tap here and select Replace card to deactivate your card and prevent unauthorized purchases in the One app.
A new card will be sent to the mailing address on file arriving within 7-10 business days.
Note: One Retail Cards that have not been activated or that are activated for Limited-use cannot be replaced.
If your One debit card is temporarily misplaced and you do not have any suspicious activity on your card, you can freeze your card:
- Select the card icon from the One Cash section of the One app
- Select the option to toggle it to ON next to Freeze Card
To freeze your card in the One app, tap here and toggle the Freeze Card button ON.
You can continue to use your One card in your mobile wallet while your physical card is frozen. Subscriptions and recurring payments on your One card will also continue to be processed while your card is frozen.
To unfreeze your One debit card, follow these steps above or tap here and toggle the Freeze Card button back OFF.
What is Phishing?
Phishing is when a scammer sends a message designed to trick a victim into revealing sensitive personal information or allowing the scammer to plant malicious software into the victim’s accounts.
Please be aware that One will never ask for any sign-in information, such as your app Passcode or one-time verification code, full Social Security number (aside from when you open an account), or account passwords. Any email correspondence from One will be sent from an address ending in @onefinance.com or @one.app.
Responsible Disclosure for Security Researchers
One is committed to protecting the confidentiality, integrity, and availability of our customer's data. We value collaboration with the security research community and welcome reports of potential vulnerabilities through One's Vulnerability Disclosure Program (VDP). Reports may be sent to responsible-disclosure@one.app. We ask all researchers to operate in good faith and to notify us as soon as possible once a potential vulnerability is found. We also ask that researchers adhere to the below rules:
- Do not publicly disclose vulnerabilities or discuss them outside the VDP without prior consent from One.
- Do not perform denial of service (DoS or DDos) tests or other tests that could potentially impair access to One's systems.
- Do not perform tests or actions that have the possibility of viewing, modifying, or destroying other users' data.
Customer Service Inquiries
If you are a One customer with a specific question about your account, you can get help by:
- Chat with us 24/7 in-app or say Agent in chat to be connected to a One Specialist
- Call us at (855) 830-6200 between 9 a.m. - 9 p.m. ET, 7 days a week.
- Submitting a help ticket email
We have a presence in various social media/social networking outlets and may occasionally identify and respond to customers seeking assistance with account-related issues.