• Polish fraud-fighting solution provider Nethone received the SOC 2 Type 2 security certificate, making the company fully SOC 2 compliant
• This followed Nethone’s SOC 2 Type 1 certification and involved a prolonged and more thorough audit by the American Institute of Certified Public Accountants (AICPA)
• Having both ISO27001 and SOC 2 certifications reveals Nethone as a globally recognized security provider

This May, Polish fraud fighters Nethone announced the obtaining of the SOC 2 Type 2 certificate. The certificate was awarded by the American Institute of Certified Public Accountants (AICPA) following a prolonged audit process after Nethone was awarded SOC 2 Type 1 certificate last year. This marks that Nethone is now fully SOC 2 compliant.

Founded back in 2016 by a team of Polish cyber security experts, Nethone has now grown into a well-known and established provider of a comprehensive solution against online financial frauds. The company boasts an impressive list of global players in eCommerce, digital goods, and financial industries, among its partners. Nethone’s modular Know Your User™ solution enables any online business to minimize risk-related friction across channels, addressing a wide spectrum of fraud types, including bot attacks, ATO, CNP fraud, or chargeback fraud. Additionally, clients get real-time actionable recommendations.

Between SOC 2 Type 1 and Type 2

Earlier this year, Nethone was awarded the ISO27001 certification, which signified the company’s compliance with the international security standards. Depending on the geography, some clients prefer to see ISO27001 whereas others look for SOC 2. The former is particularly popular in the USA, and the latter – in the rest of the world. It is not only a matter of preference, but in many industries, it is also a compulsory norm demanded by the regulator. Having both would allow Nethone to reach as many clients as possible. As such, the company’s CTO Mark Burton told ITKeyMedia, at the time that the company’s next priority in this direction would be to obtain full SOC 2 certification.

‘SOC 2 Type 1 audits security measures during a specific period in time whereas Type 2 is a prolonged audit process and is checked more frequently, which can take anything from 3-6 months, to ensure that the standards met during the Type 1 certification are continuously adhered to. In other words, we were certified SOC 2 Type 1, whereas now, the attestation is a confirmation that we are maintaining a high standard of data/security procedures. Any security lapses from Type 1 to Type 2 would result in, well, a fail,’ Nethone’s chief data officer Maciej Pitucha explains.

‘SOC 2 certification is widely recognized in many countries of the world. This certification is primarily important for companies that process and store their clients’ confidential data. Obtaining SOC 2 certification confirms the implementation of adequate safety measures and their control to provide confidentiality, integrity, and accessibility of the client data,’ Olga Voloshyna, Chairperson of the Committee on IT and Cyber Security of the German-Ukrainian Chamber of Industry and Commerce, confirms.

ISO27001 + SOC 2

According to Mr Pitucha, full compliance with both ISO27001 and SOC 2 standards shows Nethone’s global clients that the security provider takes its internal security measures and the safety of its customers’ data seriously.

‘The combination of the ISO 27001 and SOC 2 certifications provides for a complex and universally recognized approach to the information security management at an organization,’ Ms Voloshyna agrees.