Security, Privacy, and Compliance

Security Platform

A library of security and privacy resources is available at: https://security.riskified.com/. You will need to register under your work email that is associated with your Riskified account in order to get access.

It includes information such as:

• GDPR
• ISO
• SOC
• CCPA

If you have further questions about security measures, you can reach out to security@riskified.com.

PCI Security Standards Council Compliance

At this time, Riskified is not required to adhere to PCI-DSS since we do not collect the full (usually 16-digit) PAN number.

For updated information regarding the truncation of primary account numbers, please see the following page from the PCI Security Standards Council: https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-are-acceptable-formats-for-truncation-of-primary-account-numbers.

Compliance with Sanctions Regulations (OFAC)

Riskified seeks to comply with applicable economic and trade sanctions laws and regulations, including those administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), the European Union, the United Kingdom, and other relevant authorities.
As part of these compliance obligations, Riskified does not process or approve transactions that we believe originate in the following countries that are the subject of comprehensive sanctions programs:

• Cuba
• Iran
• North Korea
• Crimea, Luhansk and Donetsk regions of Ukraine.

Orders determined to originate in or otherwise involve these jurisdictions will be automatically declined. Riskified also reserves the right to refuse service to any person or entity identified on applicable sanctions or restricted-party lists.

Bug Bounty Program

Riskified runs a bug bounty program to ensure the highest security and privacy of its platforms. You can read about it here: Riskified Bug Bounty Program | Open Bug Bounty. Please contact bugbounty@riskified.com for further information.