Compliance and Certifications

VERITRAN is a company engaged in the provision of digital solutions as part of a commercial service portfolio aligned with a market which is diverse and demanding regarding quality guidelines and aspects. In the context of the protected granted to said commercial solutions, the executives of Veritran understand that the adoption and implementation of international models and standards vastly contribute to the ongoing improvement of services offered for the entire satisfaction of all stakeholders. Pursuant to the foregoing, Veritran is certified under international ISO 9001:2015 and ISO 27001:2013 standards. These good-practice guidelines set forth the responsibility for implementing and maintaining a Management System which is compliant to the principles on Service Quality and Information Security. These principles are met by Veritran under the following business policies:

Quality Policy

We are a global tech company devoted to simplifying banking experiences. Through our business solutions, we inspire financial institutions to take digitalization to the next level. We are proud to be a key strategic partner for renowned clients across Latin America, North America, and Europe, helping them become the banks their customers prefer. By creating innovative customer-focused products, we empower over 50 million people to run their financial world. We ensure that our services meet the requirements expected by our customers, in every country where we have operations, suppliers, partners and collaborators.
We are a company that is characterized by its great professionalism, considering it essential to understand quality as a fundamental tool to develop our activity. We will achieve the best results for our customers, society and all the people who are part of Veritran, through our Quality Management System based on the following purposes:

Service orientation

We foster an environment where innovative ideas are proposed in all areas of the company, where existing practices can be challenged, encouraging the co-creation of work, the contribution of value and disruptive innovation.

Transparency and communication

We comply with processes, providing access to information and maintaining open communication with all our stakeholders.

Process definition

We manage Business through a Process-based Management System. We are nurtured by expert and shared knowledge, fluid communication and constant training.

Work environment

We promote a work environment in which our employees generate initiatives for improvement and active innovation; where they work in a conscious, responsible, collaborative and empathetic manner. We are committed to making resources available to disseminate and implement this policy at all levels of the organization, extending its scope to our employees, suppliers, partners, shareholders and customers.

Cyber Resilience Policy

Veritran has defined the following general policy which represents a statement of its commitment to ensure and maintain its mission objective by managing risks associated with information security, technology and business continuity:

Veritran has adopted and implemented recognized standards aligned to international regulations governing good practices to ensure, protect, preserve and manage the confidentiality, integrity and availability of information with the help of timely management of its risks, taking into account, the identification and implementation of controls to minimize the probability of occurrence and the level of impact enrolled to security incidents.

Certifications

SOC 2

SOC 2 is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to assess the effectiveness of an organization's controls over information security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type 1 measures an organization’s systems and controls and evaluates the design and implementation of these controls to ensure they are suitably designed to meet the relevant trust services criteria.

With SOC 2 compliance, Veritran is equipped to meet specific needs of key industries and provide customers with confidence that their sensitive data is protected by a trusted partner. For this compliance audit and certification process, Veritran enlisted a professional third-party auditor, Schellman & Company, LLC and has been confirmed to meet the American Institute of Certified Public Accountants (AICPA) Trust Service Criteria.

Veritran was verified through an in-depth independent audit relevant to security set forth in TSP section 100, Trust Services Criteria for Security. More than 120 requirements were met for Veritran to achieve this major milestone of becoming SOC 2 certified. The process included an extensive examination of Veritran's controls, practices, organization charts, and business processes, their effectiveness and value, and more.

PCI DSS

Veritran LLC (Veritran) is a level 1 service provider located in Buenos Aires (Argentina), operating as a tokenization service provider for cardholder transaction requests in the mobile wallet. Veritran is responsible for receiving and sharing token issuing requests from cardholders and authorizing these tokens with the brands.

Explanation of Third-Party Relationships: Amazon AWS (cloud computing service provider): Provides cloud computing services to Veritran (PaaS) such as virtual networks, load balancers, storage and other security and monitoring tools. Amazon AWS is PCI DSS compliant and its AOC (DOC-71, 14 Dec 2021 #3.2.1) was evaluated by the assessor to ensure that all applicable requirements are covered.

Token issuing process (TSP): In the issuing flow, the issuer wallet requests the tokenization of cards. The card's sensitive data is received where the token is generated. As the cardholder is operating from an issuer wallet, no terms and conditions and additional authentication flows applies.

ISO 27001

At Veritran, we are proud to have the ISO 27001 certification, and we want to share with you the reasons why this certification is essential to us. Firstly, the ISO 27001 certification demonstrates our unwavering commitment to information security and the protection of our clients' confidential data. With this certification, we guarantee that we have implemented a robust information security management system supported by recognized international standards.

Furthermore, the ISO 27001 certification allows us to systematically assess and mitigate risks associated with information security. Through a proactive approach, we identify potential vulnerabilities and take necessary measures to protect our infrastructure and the entrusted data. This certification also gives us a competitive advantage by instilling confidence in our clients and business partners, showcasing our commitment and capability to safeguard the confidentiality, integrity, and availability of information across all our operations. In summary, the ISO 27001 certification reinforces our dedication to information security and positions us as a trusted partner in an increasingly complex and threatening digital environment.