BELLEVUE, Wash. -- March 14, 2019 -- Auth0, a global leader in Identity-as-a-Service (IDaaS), is pleased to announce that it has validated compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) version 3.2.1 as a "Level 1" service provider for its identity and access management services. Auth0 is one of the first identity providers in the industry to successfully undergo a third-party Level 1 PCI assessment.
The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc. The standard includes twelve requirements that include the following information security topics:
- Security management
- Policies and procedures
- Physical security
- Network architecture
- User access management
- Network and systems monitoring
- Software development
The PCI Data Security Standard requires that any merchant that outsources the transmission, processing, or storage of payment card data to a third-party provider verify that the provider adheres to the standard. As a leading provider of identity and access management to merchants, Auth0 has proactively met this obligation to its customers.
"Modernization within the payments industry is creating exciting innovation in application development," said Joan Pepin, CISO and VP of Operations at Auth0. "With this modernization comes an even more critical need to protect sensitive payment card information. We are excited to achieve PCI Compliance and provide this added security assurance to our global customers."
The assessment was performed by Schellman & Company, LLC (www.schellmanco.com), a globally accredited Qualified Security Assessor (QSA) firm that provides assurance and compliance services to global companies. The scope of the assessment included the applicable requirements of version 3.2 of the PCI Data Security Standard for validation of "Level 1" service providers. Following the completion of the assessment, a Report on Compliance was issued to reflect Auth0's full compliance with the PCI Data Security Standard.
For more information about the PCI Data Security Standard, please visit the PCI Security Standards Council website located at www.pcisecuritystandards.org.
Auth0’s modern approach to identity enables organizations to provide secure access to any application, for any user. The Auth0 platform is a highly customizable identity operating system that is as simple as development teams want and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.
Matter for Auth0