
Setting the standard: Strivacity's PCI DSS, WCAG and SOC2 certifications explained

At Strivacity, we’re big fans of fun, including here on our blog – movie tropes, puns, Harvey from 10B.

But information security, privacy, and accessibility aren’t things we joke about. 

According to Javelin Strategy & Research, in 2021 new account fraud rose 109% and account takeover losses increased 90% year over year. The average per-victim loss across all types of identity fraud was more than $1,000.

For online brands, customer identity and access management (CIAM) plays a major role in the security of your customers’ personal and financial information. And because all your customers need to interact with your sign-up, sign-in, and account maintenance experiences, the accessibility of your CIAM solution is key. Unlike workforce IAM solutions, customer IAM solutions have to work with whatever tech your customers are using (Android or iOS, for example). Industry standards such as FIDO2 are key for that - and we’ve always been big believers in adhering to CIAM industry standards. 

From the very beginning, Strivacity has invested in external validation – submitting our products for trusted third-party certifications and inviting auditors to check our internal controls. We want our clients to rest easy, knowing that their customer sign-in journeys (and the company providing them) meet the most stringent standards in the industry. 

We recently announced our achievement of two new certifications and the renewal of two others. To help digital leaders understand why this is a big deal, let’s unravel the alphabet soup of PCI DSS, FIDO2, SOC2, and WCAG. 

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS establishes standards for processing credit card transactions to ensure security and minimize fraud.

This standard was created by the Payment Card Industry Security Council, which includes Visa, American Express, Mastercard, Discover, and other credit card service providers. While their interest in data security and privacy may be obvious enough, it’s worth calling out that the FBI reported more than 13,000 complaints of credit card fraud in 2023, with losses exceeding $173 million.

And despite the proliferation of alternate payment options, credit cards remain a prime payment method. According to the Federal Reserve Board, credit card use more than tripled from 15.6B transactions in 2000 to 51.1B in 2021. 

To help our clients safeguard their customers and their transactions, we are proud to comply with the rigorous requirements of PCI DSS. 

Fast Identity Online 2 (FIDO2)

FIDO2 is a standard set by the FIDO Alliance that simplifies login, for example by using passkeys in place of passwords, while reducing vulnerability to phishing attacks and improving scalability.

The FIDO Alliance is an industry association committed to creating and promoting authentication standards that reduce the need for passwords and increase interoperability among devices. 

As an Alliance member, we’ve adopted FIDO standards as they’ve evolved – FIDO2 is just the latest. And as huge advocates for passkeys, passwordless options, multi-factor authentication (MFA), and seamless experiences for even your very-online, device-happy customers, we are all about it. 

Not sure what passwordless or multi-device credentials could do for your brand? Here’s a rundown from our CTO.

Service Organizations Controls Type 2 (SOC2)

SOC2 was launched by the American Institute of Certified Public Accountants (AICPA) to ensure organizations have sufficient internal controls in place to manage security and trust. At first blush, you might wonder what accountants have to do with information security and privacy. 

Quite a bit, as it turns out.

Beyond taxes, accountants are known for conducting audits. Think PricewaterhouseCoopers and the Oscars.

We like to think most companies are totally honest, but there’s always a chance someone is trying to pass off fuzzy numbers. The AICPA created Service Organizations Controls to establish processes and procedures that minimize the risk of fuzzy numbers.

SOC2 takes it a step further, going beyond audit to address data security and trust. In their role, accountants often see where and how data is stored, so they have some insight into what needs to be done to secure those processes.

We think it’s worth the effort to meet the security and trust standards set by the AICPA, because they offer a different perspective than a software engineer.

Web Content Accessibility Guidelines (WCAG)

The WCAG are technical standards for making websites and apps accessible to people with disabilities. Developed by the World Wide Web Consortium (W3C) in collaboration with disability experts, WCAG is a globally adopted standard that signals your brand’s commitment to serving the needs of all customers.

This standard really applies to the access management portion of CIAM. We want to make it easy for your customers to access their accounts and your offerings. To do that, we make sure our systems are perceivable, operable, understandable, and robust.

Some of this is codified into law, like Section 508 in the U.S., which applies to government agencies. But that’s not enough for Strivacity. We go further, creating truly accessible login systems. It’s just the right thing to do for our clients and their customers.

Putting trust front and center

As we always have, Strivacity continues to adapt to the changing technological landscape, maintaining and adopting standards and protocols that enhance accessibility and safeguard security and privacy. 

Learn more about Strivacity’s commitment to security and safety at https://security.strivacity.com/.