Mercury Security
Business Tools
Summary
🔑 Key Takeaway for Mercury: Secure your Mercury account by enabling two-factor authentication, regularly reviewing active sessions and linked profiles, and for organizations, enabling ACH authorization and dual admin approval to prevent unauthorized transactions.
This checklist is adapted from Auditware's W3OSC standards.
For Individuals
These settings apply to your personal Mercury account. All team members and admins should configure these on their own accounts.
Account Security Checklist
- Personal >
- Security >
- Two-factor authentication > On
- Active sessions > Review and remove any unused or unrecognized
- Linked profiles > Review and remove any unnecessary or unrecognized
- Remembered devices > Review and remove any unused or unrecognized
- Security >
For Team Members
These guidelines apply to team members who have access to company Mercury accounts but don't have full administrative access.
Team members should:
- Ensure their individual account settings are configured according to the checklist above
- Be aware of their permissions and only perform actions within their authorized scope
- Report any suspicious activity or unrecognized transactions to admins immediately
For Admins
These settings and practices apply to Mercury account administrators with elevated privileges.
Company Settings
- Company >
- Controls > ACH authorization > On
- Approvals > Dual admin approval > On
- Integrations > Review and remove any unused or unrecognized
- API Tokens > Review and remove any unused or unrecognized