CRED has raised the bar on member safety with the achievement of three major global certifications: ISO 27001 (Information Security Management System), ISO 27701 (Privacy Information Management System), and PCI DSS v4.0 (Payment Card Industry Data Security Standard).
These certifications solidify CRED’s commitment to protecting member data, ensuring safer transactions, and empowering members with more control over their personal information.
ISO 27001 certification demonstrates that CRED has established a comprehensive Information Security Management System (ISMS) to protect member data against unauthorised access and cyber threats. This certification highlights CRED’s commitment to identifying, managing, and mitigating security risks, ensuring that members’ sensitive financial and personal information remains secure across its operations.
Among the first Indian organisations to achieve ISO 27701:2019 certification, CRED is leading the way in privacy management. This milestone directly benefits members by enhancing how their personally identifiable information (PII) is handled, in line with global best practices and India’s upcoming Digital Personal Data Protection Act, 2023. With this certification, CRED members gain greater control over their data, benefiting from heightened transparency and responsible data use. This industry-first approach ensures that member privacy is prioritised.
CRED’s compliance with PCI DSS v4.0 reflects its continued focus on secure card transactions. This latest certification enforces stringent measures, including encryption, access controls, and proactive threat detection, to safeguard member financial data. The upgrade from the previous standard demonstrates CRED’s commitment to enhancing security measures in line with evolving industry requirements.
Kunal Shah, founder, CRED, said, “Achieving these certifications is part of our broader commitment to maintaining the highest standards of security and privacy for our members. These certifications are not just about compliance—they are about building trust with our members, partners, and regulators. As we align with evolving data protection regulations, we will continue to work closely with regulators to lead by example in the fintech industry.”
