With the ISO certification, the BNPL fintech Credi2 receives TÜV AUSTRIA’s seal of approval for data protection and information security. The “buy now, pay later” provider is thus certified by an independent body as having a particularly high standard in handling sensitive data.
Phishing, DDoS attacks or malware: the financial sector has been an attractive target for cyber criminals for years. According to the Boston Consulting Group, banks and financial service providers are attacked 300 times more frequently than other companies. The attackers often target the software supply chain. They use the detour via IT service providers and their products to penetrate the banks’ networks.
For Credi2 as a BNPL provider for banks, security is therefore of utmost importance. The Viennese fintech has received ISO 27001 certification from TÜV AUSTRIA, which provides proof of trust to customers, partners and investors alike. “As a fintech, information security has to be our priority,” says Alexander Polster, Chief Information & Security Officer (CISO) at Credi2. “With the ISO certification, our high standards are now confirmed by an independent body.”
Security awareness of employees is continuously trained
With the ISO 27001 certification, Credi2 demonstrates that financial data, business processes, employee data and information entrusted by third parties are managed securely in its system. The prerequisite for this was the introduction of a risk management system that identifies, analyses and remedies threats and disruptions at an early stage.
In addition, the BNPL provider received the ISO 27701 certification. With this extension, TÜV AUSTRIA confirms the protection of personal data in the Privacy Information Management System (PIMS). This also includes the continuous maintenance and improvement of the system.
“We regularly train the security awareness of our employees,” says Alexander Polster. “We have created our own e-learning system for this purpose. With the help of gamification, everyone is trained and kept up to date on information security.”
Processes are continuously improved
Unlike other BNPL competitors, Credi2 can now attest to a number of important security standards through the seal of approval. These include access security, the controlled purchase of hardware and software, secure internal and external communication, the physical protection of assets and the use of appropriate cryptography.
However, this certification is just the beginning. “The standard requires continuous improvement and Credi2 is working hard to keep raising the bar,” says security expert Polster.
About Credi2 GmbH
Credi2 specialises in embedded finance solutions for ‘buy now, pay later’ and subscriptions. The fintech enables banks, merchants and OEMs to offer modern sales financing solutions via the Credi2 platform. Customers include Volkswagen Bank, Raiffeisen Bank International and Apple. Credi2 has worked with these companies to launch innovative and highly successful payment solutions in a short period of time.
The Vienna-based scale-up was founded in 2015 by Daniel Strieder, Michael Handler and Jörg Skornschek. In addition to the founding trio, the management team also includes Christian C. Waldheim and Jennifer Isabella Schimanko. Credi2 is a fast-growing fintech currently employing more than 90 people from all over Europe.