A Float card can become compromised for several reasons. This article explains some of the most common causes, what Float does to monitor suspicious activity, and a few practical ways to lower the risk.
Please note: this article only applies when a card has been compromised.
It does not apply when:
- An employee used their card for spending that was not approved for business use
- A cardholder willingly completed the transaction but was later scammed by the merchant
For more information, please see:
Lost, Stolen or Compromised Cards
What to do if your Float card is used fraudulently or charged incorrectly
Why a Float card can become compromised
There are several ways card information can be exposed or stolen. This can include:
- Phishing scams
- Tampered payment terminals that capture card data
- Card cracking (card guessing bots)
- Compromised websites with weak security
Float is unable to determine exactly how a card was compromised. Since the event happens outside of Float, we do not have visibility into the point of compromise.
How Float monitors fraudulent activity
Float actively monitors for fraudulent activity. Our systems are continually updated to detect and respond to new fraud patterns.
If a card becomes compromised, cardholders and businesses are protected. If a transaction occurs that you did not authorize, you are not liable*. Float has a dispute process in place to help you resolve any fraudulent and unauthorized charges.
*See Float's cardholder agreements for more details:
For more information regarding disputes, please see:
Disputing a charge on your Float card
Validity of Disputes: Understanding What Constitutes an Invalid Dispute
Dispute Resolution Process at Float
Ways to lower the risk of card compromise
While no card program can eliminate fraud entirely, these habits can help reduce the risk:
- Be cautious of phishing emails, text messages, or phone calls asking for card details or login information.
- Do not share cards with other people.
- Do not save card details on devices or accounts that other people can access, such as a personal Google account that is signed in on multiple devices.
- Avoid entering card details on websites you do not recognize or trust.
- Check payment terminals before using a physical card for anything that looks damaged, loose, or unusual.
- Review card activity regularly so suspicious charges can be spotted quickly.
- Pause a card right away if it is lost, stolen, or if you notice activity you do not recognize.
- Report unauthorized activity on Visa or Mastercard cards within 60 days. After that, it may be more difficult for Float to help.
- Use secure devices and internet connections to log in to Float.
- Bookmark the Float login page or access it through your password manager instead of searching for it online.
Additional ways Administrators can help protect the business
Admins can also help reduce risks by:
- Deactivate a user's Float account right away when they leave the company.
- Be thoughtful about who gets Administrator access.
- Use MFA and SSO where available.
- Set merchant controls so cards can only be used where needed.
- Turn on notifications by text, email, or Slack so unrecognized transactions can be spotted quickly.
- Set card limits based on what each employee needs.
- Consider pausing cards for employees who are on leave and may not be checking transactions regularly.
- If a card needs to stay active for subscriptions, reassigning it can help. If the card belonged to an employee who left on bad terms or was let go, terminate the card instead.
For further tips, please see: Float Safety Cheat Sheet