Major cryptocurrency payment services provider BitPay has undergone a security and confidentiality compliance review, the Service Organization Control 2 (SOC 2).
According to a Sept. 30 news release, business advisory company Aprio confirmed BitPay’s compliance with SOC 2, a tech audit and a requirement for technology companies that provides assurance that customers’ personal data is kept secure and confidential.
Passing an SOC 2 review means that the firm has met criteria set by the American Institute of Certified Public Accountants in regard to confidentiality, security, privacy, processing integrity and availability. Commenting on the evaluation, Dan Schroeder, partner-in-charge of information assurance services at Aprio, said:
“After thorough review, we have confirmed the design and application of BitPay’s payment system meets the standards set forth in SOC 2 for protecting customer data. SOC 2 reporting is an industry best practice standard that evaluates a company’s controls relative to matters such as securing transactional and other sensitive customer data.”
In mid-August, BitPay introduced new security measures on its platform, under which users must complete a one-time verification process that requires data such as their Social Security number or passport number, as well as photo ID. The measures were met with some skepticism, given the resistance that many in the cryptocurrency community have toward seeing their personal data stored in centralized troves.
SOC 2-compliant crypto and blockchain projects
In January, cryptocurrency exchange Gemini announced that it had completed an SOC 2 Type 1 certification.
In April, blockchain security firm BitGo, which gained an SOC 2 Type 1 certification from Deloitte last year, upped its procedures to conform to the Type 2 requirements of the same standard.
Last month, about 15 global jurisdictions, including the G-7 countries, announced that they will reportedly develop a system for tracking crypto transactions, collecting and distributing personal data on individuals in order to prevent illicit uses of cryptocurrencies.