Security

Providing a secure platform for our customers, merchants and partners is our obsession. The Afterpay Security team works around the clock to ensure that you can shop with confidence.

For consumers

We take your security seriously. If something doesn’t look right with your Afterpay account, please visit our Help Centre  for info on how to report suspicious transactions, as well as other helpful tips. 

Security Compliance

Compliance is important! We really care about protecting cardholder data.

 

 

PCI-DSS Compliance

Afterpay Limited is a PCI-DSS Level 1 certified Service Provider organisation.


PCI-DSS is a comprehensive set of requirements created by the Payment Card Industry Security Standards Council to ensure cardholder data security.

 

By receiving data directly from our customers, Afterpay Limited acknowledges that this means the organisation has responsibilities for ensuring the secure handling of customer cardholder data for the Afterpay services.

 

Afterpay Limited does not receive cardholder data from our merchants. Merchants may have PCI-DSS responsibilities that are independent of the Afterpay Merchant Agreement process. It is the Merchant’s sole responsibility to remain informed of their PCI-DSS obligations and compliance status.

 

Afterpay Attestation of Compliance (AOC) is available to merchants and partners on request and under a NDA.

Afterpay’s Privacy Policy is available here.

 

ISO/IEC 27001 compliance

Afterpay Limited is an ISO/IEC 27001 certified organisation.

ISO/IEC 27001 is an international standard that requires organisations to establish, implement, maintain and continually improve an information security management system.

Identified a security vulnerability?

 

Let us know!


Afterpay allows security researchers to responsibly identify and disclose vulnerabilities in line with our responsible disclosure policy, available here.

 

You can contact our team at security@afterpay.com