Cryptocurrency payment platform Crypto.com announced on June 2 that it is one of the first fintech companies to receive ISO/IEC 27701:2019 privacy certification, following a number of third-party audits.
According to the announcement, the “Gold standard” certification aims to strengthen the company’s “Defense in Depth” strategy. It outlines policy implementation guidelines for data protection with regard to personally identifiable information, or PII, within the organization.
The certification was granted by SGS, a leading inspection, verification and certification firm that has over 2,600 offices worldwide.
Strengthening the company’s risk and security policies
Speaking with Cointelegraph, Jason Lau, Chief Information Security Officer of Crypto.com, praised the announcement. He elaborated on what it means to have obtained such a certification:
“It also ensures that we have a privacy information management system in place to continuously improve data privacy in the company’s day-to-day operations, through to how we build products for our customers. Security and privacy have been core pillars since day one.”
Lau says there is a saying often used in cybersecurity: “It is not a matter of if you will be hacked but when”. He considers this an outdated view, explaining:
“(…) We need to work under the mantra of ‘assume breach,’ meaning organizations should assume that they are already breached, and there is an attacker inside their systems and staying under the radar to perform reconnaissance. This is one of the phases of the typical Cyber Attack Kill Chain.”
Implications for the crypto industry
On what this “milestone” implies for the crypto industry, the Crypto.com CISO believes that its strategy uses the “highest standards” of security and privacy. They claim to match the level of traditional banks:
“When cryptocurrency regulation becomes more widespread, we will be in a strong position to continue to grow and expand. As you may have seen with all the crypto exchange hacks, the industry desperately needs more focus into cybersecurity and data privacy, and my goal is to lead by example at Crypto.com so others may follow.”
The company’s privacy risks and controls were examined against the ISO/IEC 27701:2019 standard. The examination also covered whether Crypto.com has put in place a privacy information management system to help mitigate privacy risks.
Recent Crypto.com announcements
Crypto.com announced the broad European launch of its MCO cards on May 15, expanding the company’s presence in Europe. This now covers all 27 EU states.
Additionally, Cointelegraph reported on May 11 that the crypto platform integrated with the e-commerce platform Ecwid. Ecwid now features a plug-in built by Crypto.com that lets customers pay with crypto on the platform.