BELLEVUE, Wash. -- March 14, 2019 -- Auth0, a global leader in Identity-as-a-Service (IDaaS), is pleased to announce that it has validated compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) version 3.2.1 as a "Level 1" service provider for its identity and access management services. Auth0 is one of the first identity providers in the industry to successfully undergo a third-party Level 1 PCI assessment.

The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which include American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc. The standard comprises twelve requirements that cover the following information security topics:

  • Security management
  • Policies and procedures
  • Physical security
  • Network architecture
  • User access management
  • Network and systems monitoring
  • Software development

The PCI Data Security Standard requires that any merchant that outsources the transmission, processing, or storage of payment card data to a third-party provider verify that the provider adheres to the standard. As a leading provider of identity and access management to merchants, Auth0 has proactively met this obligation to its customers.

"Modernization within the payments industry is creating exciting innovation in application development," said Joan Pepin, CISO and VP of Operations at Auth0. "With this modernization comes an even more critical need to protect sensitive payment card information. We are excited to achieve PCI Compliance and provide this added security assurance to our global customers."

The assessment was performed by Schellman & Company, LLC, a globally accredited Qualified Security Assessor (QSA) firm that provides assurance and compliance services to global companies. The scope of the assessment included the applicable requirements of version 3.2 of the PCI Data Security Standard for validation of "Level 1" service providers. Following the completion of the assessment, a Report on Compliance was issued to reflect Auth0's full compliance with the PCI Data Security Standard.

For more information about the PCI Data Security Standard, please visit the PCI Security Standards Council website.

About Auth0

Auth0 is the first identity management platform for application builders, and the only identity solution needed for custom-built applications. With a mission to secure the world’s identities so innovators can innovate, Auth0 provides the simplicity, extensibility, and expertise to scale and protect identities in any application, for any audience. Auth0 secures more than 100 million logins each day, giving enterprises the confidence to deliver trusted and elegant digital experiences to their customers around the world.

For more information, visit or follow @auth0 on Twitter.

Media Contacts:

Kasia Hall
Matter for Auth0