How wizCode protects clients, vendors, and our team from fraudulent activity.
Last updated: January 1, 2025
1. Purpose and Scope
wizCode is committed to maintaining a secure, honest, and trustworthy business environment for our clients,
employees, contractors, and partners. This Anti-Fraud Policy establishes our standards for preventing, detecting,
and responding to fraudulent activity. It applies to all interactions with wizCode, including payment
transactions, communications, contract execution, and the use of our name, brand, or identity by any party.
2. What Constitutes Fraud
For the purposes of this policy, fraud includes any intentional act designed to deceive wizCode, our clients, or
any other party for financial or other unlawful gain. This includes, but is not limited to:
Impersonating wizCode or its employees in communications with clients or vendors.
Sending fraudulent invoices using the wizCode name, logo, or identity.
Intercepting or redirecting payment communications to direct funds to unauthorised accounts.
Creating fake wizCode websites, email addresses, or social media profiles.
Misrepresenting credentials, experience, or certifications during a hiring or engagement process.
Submitting false expense claims or inflated invoices to wizCode.
Misappropriating client or company funds, intellectual property, or confidential information.
Engaging in identity theft, phishing, or social engineering against wizCode or its stakeholders.
3. Official Payment and Communication Channels
To protect yourself from invoice fraud and payment interception, please note our official channels:
Official invoices are issued only from billing@wiz-code.com and are sent only through our invoicing platform
(currently Stripe Billing or a signed PDF). We will never request payment via cryptocurrency, gift cards, wire
transfers to personal accounts, or informal payment apps.
Official email domain: All wizCode staff communicate from @wiz-code.com addresses. Emails
from similar-looking domains (e.g., wiz-codes.com, wiz-code.com, wiz.code.com) are not from us. Report
suspicious emails to security@wiz-code.com.
Bank account changes: wizCode will never request a bank account or payment method change via
email alone. Any such request must be confirmed with a signed letter on company letterhead and a direct phone
call to our verified main number: +971 4 XXX XXXX.
If you receive an invoice or payment request that seems unusual, do not pay it before calling us directly to
verify. A brief phone call can prevent significant financial harm.
4. Invoice Verification
Before processing any wizCode invoice above AED 5,000 (or equivalent), we recommend clients verify the following:
The sender email is from @wiz-code.com domain.
The invoice number matches the reference in your contract or Statement of Work.
The bank account or payment details match those on file from your original onboarding documentation.
If anything appears different from your prior invoices, call us at our verified number before transferring
funds.
5. Internal Controls
wizCode maintains the following internal controls to prevent fraud within our organisation:
Dual authorisation required for all outgoing payments above AED 10,000.
All financial transactions are logged and subject to monthly independent reconciliation.
Access to financial systems is restricted on a least-privilege basis, with access logs reviewed quarterly.
All employees and contractors with access to client data or financial systems undergo background checks prior
to engagement.
Regular internal audits of expense claims, vendor payments, and subcontractor invoices.
Whistleblower protections for employees who report suspected fraud in good faith.
6. Client Data and Credential Protection
wizCode treats client credentials, API keys, access tokens, and system passwords as strictly confidential. We
will never share, sell, or transfer client access credentials to any third party without explicit written consent.
All credentials shared with us during an engagement are stored in encrypted vaults (1Password Teams or AWS Secrets
Manager) and revoked and rotated upon project completion.
If you believe a credential or access token shared with wizCode has been compromised, contact us immediately at
security@wiz-code.com and rotate the affected credential as soon as
possible.
7. Reporting Suspected Fraud
If you suspect fraud involving wizCode, whether by someone impersonating us or within our operations. Please
report it through the following channels:
Anonymous: Reports may be submitted anonymously. We investigate all credible reports
regardless of whether the reporter identifies themselves.
All fraud reports are treated with strict confidentiality. We will acknowledge receipt within 24 hours and
provide an initial assessment within 3 business days.
8. Consequences of Fraudulent Activity
Any person or entity found to have engaged in fraud against wizCode, its clients, or its partners will face the
full extent of available legal remedies, including but not limited to:
Immediate termination of all contractual relationships with wizCode.
Civil legal action to recover financial losses and damages.
Criminal referral to the relevant law enforcement authorities in the UAE or applicable jurisdictions.
Public disclosure where required by law or to protect affected parties.
Notification to professional bodies or licensing authorities where applicable.
9. Governing Law
This Anti-Fraud Policy is governed by the laws of the United Arab Emirates, including applicable provisions of
Federal Law No. 5 of 2012 on Combating Cybercrimes and the UAE Penal Code. Disputes or legal actions arising from
fraud incidents will be subject to the jurisdiction of the competent courts of Dubai, UAE.
10. Policy Review
wizCode reviews this Anti-Fraud Policy annually and updates it as needed to reflect changes in our operating
environment, applicable law, or best practices. The current version is always available at wiz-code.com.
11. Contact
For any questions about this policy, please contact us at legal@wiz-code.com.