Home Small Business Concur Breeze Safe and Secure

Your data is safe and secure with Concur

Concur, the world leader in expenses management, takes your security – and those of over 15 million other Concur users – very seriously.

We provide bank-level security

Concur® Breeze uses 128-bit SSL encryption as well as 24/7/365 physical security.

You cannot move money

Concur Breeze is a read-only service. It is not possible to transfer money in or out of the system.

We have regular external security and operational audits

These include ISO 27001, ISO 20000 SSAE16, Payment Card Industry Data Security Standard (PCI DSS) and more.

Concur provides bank-level security by protecting all sensitive data in transit and when stored on Concur systems. Concur is trusted by companies of all sizes to keep their data safe and secure.

We perform extensive security scans of the Concur Breeze service

Including a daily security scan by McAfee.

Concur provides bank-level security by protecting all sensitive data in transit and when stored on Concur systems.

  • Concur always transmits personal and financial information securely using SSL-128 and better encryption.
  • We store transaction information at a secure facility with 24/7 security guards, video surveillance, intrusion alarms and biometric security.
  • From the moment we receive it, we store your information only on Concur-owned servers. Only Concur full-time employees have access to these servers.
  • All Concur employees pass rigorous background checks at the time of employment.
  • Concur performs all of its own software development, and performs code reviews and security scans on software changes.
  • Concur monitors the entire Concur Breeze environment for unauthorized intrusions, unauthorized changes and tampering 24/7/365.
  • We do not transmit, move, sell or give away any of your information to any third party.

Concur has many external security and operational audits of Concur Breeze each year, to ensure the highest possible security for our customers’ data. These audits are:

  • ISO 27001, the international standard for information security management. No other expense services provider can make this claim.
  • ISO 20000, the international standard for information technology incident management. This ensures that Concur Breeze will have the highest possible integrity and availability for our customers.
  • SSAE16 and ISAE 3402, the U.S. and international standards for accounting and operational audits. These audits ensure that business processes related to the development, operations, management and security of Concur Breeze are effective.
  • Payment Card Industry Data Security Standard (PCI DSS). Concur is a PCI compliant level 1 service provider. Concur undergoes annual external PCI audits to ensure that all of the technology and business processes protecting credit card data are in place and effective.

In order to combat fraud:

  • Concur will never ask you for any personal information other than your customer ID and password when logging in to Concur Breeze.
  • Concur will never ask you to provide any sensitive information via e-mail – even your user-ID and password.
  • If you receive an e-mail claiming to be from Concur that asks for personal information, do not respond to the message, click on any links in the message or download any attachments in the message.