The three certifications include ISO 27001(Information Security Management System), ISO 27701:2019 (Privacy Information Management System), and PCI DSS v4.0 (Payment Card Industry Data Security Standard)
CRED said that these certifications will help it in protecting member data, ensuring safer transactions, and empowering members with more control over their personal information
This comes at a time when cybersecurity has emerged as a major concern for startups
Fintech major Cred announced on Thursday (September 12) that it has secured three critical security and data privacy certifications from the ISO(International Organisation for Standardisation).
These three certifications include ISO 27001, ISO 27701:2019, and PCI DSS v4.0. In a statement, the startup said that these certifications will help it in protecting member data, ensuring safer transactions, and empowering members with more control over their personal information.
“These certifications are not just about compliance—they are about building trust with our members, partners, and regulators. As we align with evolving data protection regulations, we will continue to work closely with regulators to lead by example in the fintech industry,” CRED’s founder and CEO Kunal Shah said.
ISO is a Switzerland-based organisation that develops international standards for exchange of goods and services. The ISO 27001 certification essentially means CRED follows international practices for information security management, while the ISO 27701:2019 certification is for meeting international standards for managing and protecting personal data.
Finally, the PCI DSS v4.0 certification is awarded by the Payment Security Standards Council to companies that demonstrate their ability to meet a set of security standards for processing, storing, and transmitting credit card data.
CRED claimed it is among a select group to have received these three certificates. The company has embraced a platform approach since late 2022 and added a slew of products to flesh out the super app strategy.
Most recently, it launched a personal finance management product CRED Money and in the past year, it has added revenue streams from acquired stock trading platform Kuvera, CRED Store, payment aggregator, personal loans, insurance commissions and more, as highlighted in our recent in-depth look at the CRED revenue stack.
Cybersecurity is a major consideration for startups in general, but for fintech platforms in particular, in light of the cyber-attack on crypto platform WazirX earlier this year. It led to WazirX users losing investments to the tune of $230 Mn, with the issue unlikely to be resolved any time soon.
Over the past few years, there have been other examples, such as the data breach at fintech platform Juspay in early 2021, where the data of 10 Cr users was compromised. Or Mobikwik in the same year, a breach which is said to have affected over 100 Mn users.
Incidentally, the central government unveiled a host of initiatives yesterday (September 11). These included a central registry of cyber criminals, creation of cyber commandos, and investigation facility Samanvay.