Mercury is a fintech company, not an FDIC-insured bank. Banking services provided by Choice Financial Group, Column N.A., and Evolve Bank & Trust, Members FDIC. Deposit insurance covers the failure of an insured bank.
How we keep your funds safe
Your deposits are held in your name
Every Mercury account is structured as an individual demand deposit account (DDA), giving you full ownership, transfer rights, and FDIC insurance eligibility by law — with no middleware in between.
Read MoreNever lose sight of your funds’ protection
With Mercury Vault enabled on every account, you have an automatic and up-to-date view on exactly how your funds are protected.
Diversified by design
We spread your deposits across a network of FDIC-insured banks via our partner banks’ sweep networks. The result is your team’s optimal, diversified banking setup — all through a single dashboard.
Learn How Mercury WorksHow we protect your account
Automated fraud monitoring
Our world-class fraud detection and compliance teams work together to build tools and processes that spot unusual activities and stop them in their tracks.
Uncompromising MFA
We enforce multi-factor authentication across all your accounts using methods like Touch ID, never settling for insecure options like SMS.
Proactive protection
We use device verification to ward off phishers and services like HIBP to keep leaked credentials from being reused.
Dark web monitoring
To prevent fraud attacks, we monitor the dark web for phishing domains, infostealers, malware, and account sales.
Robust ACH authorization
Designate which vendors can initiate ACH debits from your account and receive notifications about any unauthorized payments.
Explore DemoControls that keep you in control
Set user permissions
Give the right level of access to the right people by assigning tiered user permissions to co-founders, accountants, and employees.
Your data. Your eyes only.
Stress-tested by the best
On top of regular internal and external audits, we pressure test our own security system through bug bounty programs and red team assessments. With ongoing employee trainings, we emphasize security as a shared responsibility across the company.
SOC 2 Type II compliance
Our security protocols and processes are first rate, and we undergo rigorous independent auditing to maintain them.
Robust encryption
We use strong, industry-standard protocols to keep your data safe and confidential, at rest and in transit.
PCI standards
We understand how important your credit card information is and we uphold PCI compliance to ensure it stays safe.
You have questions.
We have answers.
At Mercury, rather than holding deposits with a single banking partner, we give you the choice to opt in to our partner banks’ sweep programs, which then spreads your deposits across a network of established FDIC-insured program banks.
For example, if the partner bank on your Mercury account is Evolve Bank & Trust and you’re opted into Evolve’s sweep program, less than 10% of your Mercury deposits are actually held at Evolve. The majority of your funds are held across several other FDIC-insured banks in Evolve's sweep network. For a full list of banks within our partner banks’ sweep networks, you can review Evolve Documents, Column N.A. Documents, and Choice Documents on our Legal page.
Likewise, our banking and service partners such as Evolve Bank & Trust, Choice Financial Group, Apex Clearing Corp, Wise, and others are subject to rules and regulations specific to their business type. We work closely with our partners to comply with applicable laws and regulations so that we can provide the best customer experience possible.
- It maintains a detailed record of each Treasury customer’s holdings and is prohibited from using any of these funds or securities for its own purposes — or from commingling them with its own customers’ holdings.
- It is regulated by the SEC and FINRA.
- It is regularly audited and must publish its financial statements to the public.
- It is required to keep excess capital on hand to ensure customer deposits are protected.
- Your Mercury Treasury account is held in your name with our partner, Apex Clearing Corp. Apex Clearing Corp maintains a detailed record of each Treasury customer’s holdings and is prohibited from using any of these funds or securities for its own purposes, and from commingling them with its own customers’ holdings. Because assets are held in your name, they remain available to be transferred to an account at another broker in any of the following events:
- Mercury bankruptcy, financial instability, sale or acquisition
- Apex bankruptcy, financial instability, sale or acquisition
- Apex is regulated by the SEC and FINRA, and is regularly audited and must publish financial statements to the public. Apex is also required to keep excess capital on hand to ensure customer deposits are protected.
- Mercury Treasury offers two mutual funds that invest in lower-risk, short-term debt securities, such as Treasury bills, municipal debt, or corporate bonds. See the fund prospectuses for details on each fund’s holdings:
- Vanguard Treasury Money Market Fund (VUSXX) is 99.5% invested in U.S. government-backed securities. It is one of the most conservative investment options offered by Vanguard.
- Morgan Stanley Ultra-Short Income Portfolio (MULSX) is a mutual fund that invests in highly-liquid instruments such as commercial paper and Certificates of Deposit. It carries the highest Fitch rating for underlying credit quality and very low sensitivity to market risk.
- Mercury Treasury accounts are covered by the Securities Investor Protection Corporation (SIPC) insurance. This applies in the event that assets are lost or missing from a customer’s accounts during the time a financially-troubled or failed brokerage firm is being unwound. SIPC protects $500,000 worth of securities and cash, with maximum protection for cash of $250,000 and $250,000 in investments.
Mercury is SOC 2-compliant, meaning you can have confidence in our operations and service commitments — and peace of mind that we take pride in them. If you need our SOC 2 report for your own compliance records, reach out to us at [email protected] and we’d be glad to help.
- Require HTTPS on all pages, and use HSTS to ensure browsers only ever connect to Mercury over a secure connection.
- Employ a third party to perform penetration testing each year to check for vulnerabilities.
- Hash and store all passwords with the bcrypt algorithm — never as plaintext.
- Use time-based one-time passwords for two-factor authentication. We never send authentication codes via insecure channels like SMS.
- Encrypt our database and all uploaded images, with additional encryption for sensitive data like social security numbers.
- Never store your debit or credit card numbers.