CRED has achieved three major global certifications: ISO 27001 (Information Security Management System), ISO 27701 (Privacy Information Management System), and PCI DSS v4.0 (Payment Card Industry Data Security Standard). These certifications solidify CRED’s commitment to protecting member data, ensuring safer transactions, and empowering members with more control over their personal information.
Enhanced Protection of Member Data
ISO 27001 certification demonstrates that CRED has established a comprehensive Information Security Management System (ISMS) to protect member data against unauthorised access and cyber threats. This certification highlights CRED’s commitment to identifying, managing, and mitigating security risks, ensuring that members’ sensitive financial and personal information remains secure across its operations.
Leading the Way in Privacy Management
Among the first Indian organisations to achieve ISO 27701:2019 certification, CRED is leading the way in privacy management. This milestone directly benefits members by enhancing how their personally identifiable information (PII) is handled, in line with global best practices and India’s upcoming Digital Personal Data Protection Act, 2023. With this certification, CRED members gain greater control over their data, benefiting from heightened transparency and responsible data use. This industry-first approach ensures that member privacy is prioritised.
Elevating Payment Security Standards
CRED’s compliance with PCI DSS v4.0 reflects its continued focus on secure card transactions. This latest certification enforces stringent measures, including encryption, access controls, and proactive threat detection, to safeguard member financial data. The upgrade from the previous standard demonstrates CRED’s commitment to enhancing security measures in line with evolving industry requirements.
Globally, only a small fraction of fintech companies achieve the combined certifications of ISO 27001, ISO 27701, and PCI DSS v4.0. CRED’s accomplishments position it among a select group that prioritises comprehensive security and privacy practices, reinforcing its role as a reliable and compliant partner in India’s financial ecosystem. For CRED members, this means a commitment to security and privacy that goes beyond compliance—it’s about building lasting trust and delivering a safe, rewarding experience.
Kunal Shah, founder, CRED, said, “Achieving these certifications is part of our broader commitment to maintaining the highest standards of security and privacy for our members. These certifications are not just about compliance—they are about building trust with our members, partners, and regulators. As we align with evolving data protection regulations, we will continue to work closely with regulators to lead by example in the fintech industry.”