Security Center

See how OnDeck actively protects your data, and get tips to keep your information secure.

Count on us to keep your information secure.

When business owners apply with OnDeck, we know that they’re trusting us with more than just their information — they’re trusting us with the security and safety of their business. That’s why we adhere to the following protocols to make the OnDeck experience as safe as possible:

  • Our websites are encrypted.

  • We encrypt data in transit.

  • We monitor our systems to maintain their confidentiality, integrity and availability.

  • We train our personnel in cybersecurity awareness.

  • We restrict access to our systems and data to only those associates who need access to perform their job responsibilities.

Follow these tips to avoid scams and fraud.


Fraudsters will sometimes pretend to be online lenders or debt collectors in an effort to get your money. Keep these tips in mind:

  • Never pay in advance for the promise of a loan.

  • Never make payments over the phone unless the details of your original loan can be confirmed.

  • Never send money to anyone if you don’t recall taking a loan from them.

  • Do not provide personal information in response to an unsolicited or suspicious call or message.

  • Never give out personal information if you cannot identify the identity of the person contacting you.

  • End the call if any caller starts making threats.


Social engineering attempts (also known as “phishing”) aim to steal user data and sensitive information. These are typically characterized by the following:

  • Unexpected outreach. Someone “responds” to something you haven't asked.
  • Unwarranted sense of urgency. Someone is trying to get you to do something quickly, or to avoid dire consequences.
  • It’s too good to be true. Someone is promising huge reward or payoff in exchange for immediate disclosure of information.
  • Something's "off." Look for atypical grammar or spelling, such as a hyperlink being misspelled. Perhaps the email sender address is different than expected, or you're being asked to share your password.

If you ever have a question about your OnDeck account or whether a communication you’ve received is legitimate, please contact us.

Keep your customers safe.

Incorporating security and privacy into your own business is not only a best practice — it can be a value-add for your customers. Here are a few tips and things to consider.

Data minimization

Only collect the data you need to deliver your product or service. You should have a business reason for all the data you collect.

Data hygiene

When data is no longer needed to provide products or services and there’s no legal or regulatory obligation to retain it, securely delete it from your systems.

Data transparency

Draft and publish a privacy policy to disclose what data you collect from customers, why, with whom it is shared and for how long it is kept.

Report a security vulnerability.

If you’re a security researcher or have discovered a security issue with OnDeck, please report it confidentially so that we may investigate and respond. Please do not announce the issue publicly until we have implemented an update.

Security FAQs

Strong passwords are complex, unique and contain a combination of symbols, uppercase letters and lowercase letters. Use these tips to make your passwords stronger and more secure:

  • Avoid using easy-to-guess passwords with common words, names or places. Instead, use a combination of uppercase and lowercase letters and symbols to make a longer, more complex password.
  • Use two-factor or multi-factor authentication for an extra layer of security, whenever possible.
  • Don’t re-use passwords for multiple sites or accounts.
  • Keep your passwords to yourself.

Make sure to check for and install the latest system software to help keep your computer, smartphone and other internet-connected devices as secure as possible. Using a combination of anti-malware and anti-virus software can also help keep your devices safe from malicious files and other threats.

Whenever possible, use secure and encrypted websites. You can look for the lock symbol near to the URL bar on your screen to see whether a site is encrypted or not. Make sure to always look for the lock symbol before sharing sensitive personal information online. Additionally, avoid providing your sensitive data over shared or public Wi-Fi networks, even on secure websites.