Onbe | Trust Center

Onbe Security Trust Center

Onbe, Inc. Trust Center is dedicated to building trust and safeguarding sensitive information. Through the Trust Center, Onbe provides clients and partners with comprehensive access to documentation outlining its security frameworks, data protection policies, and compliance certifications. This centralized platform features information about Onbe’s adherence to industry standards, regulatory requirements, and internal controls, allowing stakeholders to review how Onbe manages risk, ensures transparency, and maintains a culture of accountability. The Trust Center also includes details on how Onbe responds to audits, implements privacy measures, and fosters ongoing communication regarding security practices, reinforcing its commitment to transparency and trust in every aspect of its operations. Treat the Trust Center as a single source of truth. Overall supports DDQs without exposing sensitive internal detail.

See Compliance Frameworks

Resources

Documents and Reports

PCI DSS V4 AOC

SOC2 Type 2 Report

SOC 1 Type 2 Report

Information Security Policy

SOC2 Bridge Letter

Data Retention Policy

Privacy Notice

Code of Conduct for the Credit and Debit Card Industry in Canada

Business Continuity

IRP

View all

Subprocessors

Third Party Associates Sub processor usage is program specific, and not all sub processors are engaged for every client or product. Each sub processor is subject to contractual data protection requirements and ongoing third-party risk and compliance oversight. Onbe is committed to protecting the confidentiality, integrity, and availability of customer and partner data.

FISERV

Onbe uses Fiserv, Inc. as a transaction processor and physical card fulfillment partner for applicable programs. In this capacity, Fiserv functions as a data sub‑processor and may process customer or end‑user data as necessary to perform contracted processing and fulfillment services on Onbe’s behalf.

FIS

Onbe engages Fidelity Information Systems, LLC (FIS) as a transaction processing service provider for certain payment and card‑related program functions. FIS acts as a data sub‑processor and processes data only as required to support authorized transaction processing activities on behalf of Onbe.

Arroweye

Onbe uses Arroweye Solutions, Inc. as a physical card fulfillment provider for applicable programs. In this role, Arroweye acts as a data sub‑processor and may process limited personal data strictly as necessary to support card production and fulfillment services on behalf of Onbe.

Microsoft

Onbe uses Microsoft Azure as a cloud infrastructure provider to host components of the Onbe platform. In this capacity, Microsoft acts as a data sub‑processor, providing secure computing, storage, and availability services that may involve the processing of customer or end‑user data on behalf of Onbe.

Compliance

Information Security Frameworks Onbe aligns its security, privacy, and compliance program with recognized industry standards and regulatory frameworks to support customer, partner, and regulatory expectations. Key frameworks include SOC 2 Type II for security, availability, and confidentiality controls; PCI DSS v4 for the protection of cardholder data; and global and U.S. privacy frameworks such as GDPR and CPRA/CCPA. Our product security program is designed to reduce risk, support regulatory and customer expectations, and transparently communicate how security is embedded across our technology, people, and processes. This Trust Center summarizes our security posture and provides a structured view of the controls, measures and frameworks supporting our platforms.

PCI

SOC 2 Type 2

CCPA

GDPR

SOC 1 Type 2

FAQs

Being that compliance is a requirement for client acquisition; the Security team manages Onbe’s Trust Center. Which is a webpage that shows how Onbe safeguards data and meets security and compliance standards. It provides security policies, compliance reports, and test results in one place, helping stakeholders easily verify Onbe’s commitment to security. This is an effective way to demonstrate real-time information security maturity and reduce friction across security reviews. Although security questionnaires and manual document sharing are still the most common way to exchange compliance information today, Trust Centers offer a more scalable and proactive alternative.

FIS (Fidelity Information Services, Inc.) Fiserv / Fiserv Solutions, Inc. Arroweye / Arroweye Solutions, Inc. These third parties are engaged to support secure and reliable delivery of prepaid card services and operate within defined responsibility boundaries aligned with industry security standards.

The Trust Center is intended for clients, prospects, partners, and other stakeholders conducting security or compliance due diligence.

Yes. Access to systems and data is restricted based on role and business need.

Onbe monitors its Azure infrastructure for unusual or unauthorized activity and regularly audits access to ensure compliance with security policies. Logs are reviewed daily, and next-generation firewalls and network monitoring help block unauthorized access.

Onbe manages prepaid card programs and partners with regulated payment processors and fulfillment providers to support secure card issuance and transaction processing.

Onbe’s involvement in payment card data handling is defined within its PCI DSS scope and supported by approved third‑party service providers.

Onbe aligns with multiple industry and regulatory frameworks, including SOC 2 Type II, PCI DSS v4, GDPR, CPRA, and Regulation E.

Yes. Clients may request certain compliance documents through the Trust Center, subject to access controls or NDA requirements.

Onbe maintains procedures to support applicable data subject and consumer rights under privacy laws such as GDPR and CPRA.