BELLEVUE, Wash. -- March 14, 2019 -- Auth0, a global leader in Identity-as-a-Service (IDaaS), is pleased to announce that it has validated compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) version 3.2.1 as a "Level 1" service provider for its identity and access management services. Auth0 is one of the first identity providers in the industry to successfully undergo a third-party Level 1 PCI assessment.
The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc. The standard includes twelve requirements that include the following information security topics:
- Security management
- Policies and procedures
- Physical security
- Network architecture
- User access management
- Network and systems monitoring
- Software development
The PCI Data Security Standard requires that any merchant that outsources the transmission, processing, or storage of payment card data to a third-party provider verify that the provider adheres to the standard. As a leading provider of identity and access management to merchants, Auth0 has proactively met this obligation to its customers.
"Modernization within the payments industry is creating exciting innovation in application development," said Joan Pepin, CISO and VP of Operations at Auth0. "With this modernization comes an even more critical need to protect sensitive payment card information. We are excited to achieve PCI Compliance and provide this added security assurance to our global customers."
The assessment was performed by Schellman & Company, LLC (www.schellmanco.com), a globally accredited Qualified Security Assessor (QSA) firm that provides assurance and compliance services to global companies. The scope of the assessment included the applicable requirements of version 3.2 of the PCI Data Security Standard for validation of "Level 1" service providers. Following the completion of the assessment, a Report on Compliance was issued to reflect Auth0's full compliance with the PCI Data Security Standard.
For more information about the PCI Data Security Standard, please visit the PCI Security Standards Council website located at www.pcisecuritystandards.org.
Auth0, a global leader in Identity-as-a-Service (IDaaS), provides thousands of customers in every market sector with the only identity solution they need for their web, mobile, IoT, and internal applications. Its extensible platform seamlessly authenticates and secures more than 2.5 billion logins per month, making it loved by developers and trusted by global enterprises. The company's U.S. headquarters in Bellevue, WA, and additional offices in Buenos Aires, London, Tokyo, and Sydney, support its global customers that are located in 70+ countries.
Matter for Auth0