OVERVIEW
Here are resources on Riskified’s security, privacy, and compliance measures.
TABLE OF CONTENTS
Security
PCI Security Standards Council Compliance
OFAC Compliance
Bug Bounty Program
Security Platform
A library of security and privacy resources is available at: https://security.riskified.com/. You will need to register under your work email that is associated with your Riskified account in order to get access.
It includes information such as:
- GDPR
- ISO
- SOC
- CCPA
If you have further questions about security measures, you can reach out to security@riskified.com.
PCI Security Standards Council Compliance
At this time, Riskified is not required to adhere to PCI-DSS since we do not collect the full (usually 16-digit) PAN number.
For updated information regarding the truncation of primary account numbers, please see the following page from the PCI Security Standards Council: https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-are-acceptable-formats-for-truncation-of-primary-account-numbers.
Compliance with Government Regulations (OFAC)
OFAC is The Office of Foreign Assets Control of the US Department of the Treasury. OFAC enforces economic and trade sanctions based on US foreign policy and national security goals against foreign governments, entities, and individuals engaged in activities related to threats on the United States.
Since Riskified operates within the United States, we must follow all government sanctions. Therefore, we cannot approve orders that are made by or shipped to customers in countries that have been banned by the United States for commerce. Riskified’s system is designed to automatically decline orders that originate in the following OFAC sanctioned countries/regions:
- Crimea
- Cuba
- Iran
- North Korea
- North Sudan
- South Sudan
- Syria
Note: Sanctioned country transactions are typically very uncommon and should not have a material impact on your operations.
Bug Bounty Program
Riskified runs a bug bounty program to ensure the highest security and privacy of its platforms. You can read about it here: Riskified Bug Bounty Program | Open Bug Bounty. Please contact bugbounty@riskified.com for further information.