Treezor, the enabler of Banking-as-a-Service, became one of the first BaaS providers to obtain PCI DSS certification for card issuing.
This certification “testifies” to Treezor’s operational and technical capacity to comply with the most “demanding” security standards and paves the way for developing new card-related functionalities for its clients.
Created by the PCI Council, which combines major card networks (Mastercard, VISA, American Express, etc.), obtaining the PCI DSS (Payment Card Industry Data Security Standard) certification underlines Treezor’s ability to “store, process, and transmit” payment card data.
This standard is said to “attest” to the quality and security of Treezor’s information system, enabling us to offer our customers the highest card data protection standards.
To enhance data security across the entire payment ecosystem and further ensure compliance, the PCI DSS standard guarantees Treezor customers that Treezor card data is said to be processed with “rigor” and security.
The BaaS enabler has thus confirmed its ability to work with major groups and regulated institutions, “meeting their expectations in terms of data processing.”
Compliance with the PCI DSS security standard is based on three elements:
- Managing the transfer of customer card data, involving the secure collection and transmission of sensitive card information;
- Storing card data securely following the 12 security domains of the PCI DSS standard. This includes practices such as encryption, continuous monitoring, and security testing;
- Perform advanced security checks annually.
- A standard that opens up new functionalities
Thanks to PCI DSS certification, Treezor can now offer advanced functionalities to optimize the user experience.
This certification enables the display of sensitive information such as PIN and verification code (CVV) and instant copy of card number (PAN), making it easier for customers to make secure online payments.
Julien Mortuaire, Treezor’s CTO, said that obtaining PCI DSS certification rewards our teams’ efforts to make our platform even more secure.
They added that thanks to their resolute serverless strategy, we were able to obtain this certification in record time.
They further noted that this demonstrates our platform’s ability to adapt to a highly constrained framework such as PCI DSS while continuing to innovate.
Established back in 2016, Treezor is a Fintech regulated by the ACPR (French regulator) and passported in 25 countries as an electronic money institution.
Treezor is also a “principal member” of international card networks, like Mastercard.
Acquired in 2019 by Société Générale group, Treezor is the European enabler of Banking as a Service (BaaS) with 80 billion euros in processed flows and 5 million cards issued, as well as an active presence in France, Germany, Benelux, Italy, and the Iberian Peninsula.
Its Embedded Finance solution allows businesses to integrate “white-label” payment services into their offering via “highly intuitive” APIs (from acquisition to issuance).
Treezor also provides “regulatory expertise” (KYC, AML/CFT…) and security to its clients and positions itself as an enabler for “unregulated” companies or licensed institutions.