The security of our customers and business partners is our priority. Affirm maintains a security program designed to protect sensitive data, respond resiliently to cybersecurity threats, and meet regulatory and industry requirements wherever we offer our services.
Established standards such as NIST CSF, NIST 800-53, PCI DSS, and AICPA trust services criteria inform our program and serve as frameworks for benchmarking our security. We use independent third parties to audit our compliance, and we regularly engage external security experts to test our systems.
Affirm takes care in building websites and apps that are safe for customers to use. Our developers continuously work to improve our code and review it for flaws, and we use web application firewalls to stop potential attacks online.
Affirm keeps personal information confidential by using industry-standard encryption both in transit on the internet and at rest on our systems.
Affirm uses tools and technologies to identify and respond to suspicious activity on our systems, like unusual login attempts.
Affirm hosts its systems in state-of-the-art data centers that maintain strict controls around access, redundancy, and environmental hazard protections.
Affirm engages trusted firms to conduct in-depth third-party audits of our security throughout the year. We are a PCI DSS Level 1 Service Provider for processing cardholder data, and maintain SOC 1 and 2 Type 2 reports in accordance with the AICPA.
Affirm has published an FAQ on the Evolve Bank Partner Vendor Incident. Please find the full information here.
Subject: Important Information Regarding Your Affirm Card
As an Affirm Card user, we wanted to alert you of a recent cybersecurity incident at Evolve Bank and Trust, an issuing partner on the Affirm Card (not an originating bank partner for Affirm loans). The incident may have compromised some data and personal information Evolve had on record. Rest assured, your Affirm Card and Affirm Money Accounts are still working and safe to use.
Since being made aware of the incident the evening of June 25, 2024, we immediately began an investigation to determine if any Affirm consumer information had been compromised, and we are continuing to look into this.
While we use a variety of methods to keep your data safe, you can further enhance the security on your accounts by:
- Resetting your card PIN in the Affirm app.
- Setting up free fraud alerts from nationwide credit bureaus — Equifax, Experian, and TransUnion. You can also request and review your free annual credit report at any time by visiting www.annualcreditreport.com or calling toll-free at 1-877-322-8228.
Additionally, know that if fraud occurs on your account, you’re protected. You’re not responsible for any unauthorized purchases, and we’ll do everything we can to help you through the situation.
As always, if you see any unusual activity on your Affirm or Affirm Card account, please follow these steps or contact us here. Affected Affirm Card users will be notified directly in future communications.
Thank you for your continued loyalty to Affirm.
The Affirm Team
Affirm is aware of a cybersecurity incident involving Evolve, a third party vendor that serves as an issuing partner on the Affirm Card. We are actively investigating the issue. We will communicate directly with any impacted consumers as we learn more.
If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.