GoPay Achieves ISO 27001:2013 Accreditation to Protect Users with a Global Standard of Information Security

In line with its vision to be recognized as the most safe and trusted payments platform, GoPay achieved ISO 27001 certification, the international standard in the application of Information Security Management Systems (“ISMS”), published by the International Organization for Standardization (ISO) in collaboration with the International Electrotechnical Commission (IEC).

This information security management system includes all services, from account registration, verification, suspension, payment, peer-to-peer transfer, balance top-up, and cash withdrawal. The commitment to the implementation of ISO 27001 also includes support processes such as human resources management, risk & fraud, legal, compliance and technology operations, and others.

Erna Damayanty, President Director of PT BSI Group Indonesia, commended GoPay for achieving the ISO 27001 Information Security Management System Certificate. 

“Achieving ISO 27001 certification means that GoPay is not only protecting user data in line with the rules and regulations on information security from the government of Indonesia, but is also in line with Europe’s General Data Protection Regulation (GDPR) and the Personal Data Protection Act from the United States.  Today GoPay demonstrates how committed it is to protect users with an international standard for information security to ensure that user payment transactions are not only convenient but also safe.”

Ir. Tony Seno Hartono, Center for Digital Society (CfDS) of Gadjah Mada University researcher, emphasized the importance of ISO 27001 accreditation for a technology company. 

“ISO 27001 is an information security management standard that is recognized internationally and which has been adopted by Indonesia as a national standard. ISO 27001 accreditation ensures all users that GoPay is committed to professionally manage all security risks. ISO 27001 accreditation is not a simple process and requires a licenced auditor to measure complete compliance of the  frameworks surrounding the legal, physical and technical controls that are used when processing an organisation’s information risk management. The ISO 27001 provides complete guidance, from establishing and implementing the framework to the way in which it is operated and monitored. Congratulations to GoPay for proving its commitment in promoting information security and providing a safety guarantee for consumers.

Working together with Gojek through the Aman Bersama Gojek initiative, GoPay takes a two prong approach to security, first by raising awareness on the importance for the public to maintain digital security by taking JAGA precautions, which highlights:

• No to conduct any payments unless it is through the Gojek app
• Secure your personal data with a password and to never share the OTP code
• Use identification security tools including biometric verification and PIN for transaction
• Report any suspicious activity through Gojek’s official customer service or report directly to the authorities if you are a victim of cybercrime.

Second, GoPay continuously develops technologies to maximize security, including the biometric identification feature for authorizing users when making payments with business partners or transferring balances to other users. This feature is part of the Gojek SHIELD, a comprehensive security technology system that protects users from the risk of cyber attacks.

The implementation of GoPay’s information security management system will not stop here. It will be improved continuously to protect all users.