MoonPay has achieved PCI DSS 4.0.1 recertification, maintaining its Level 1 compliance status under the updated payment security framework.
The company first achieved certification under PCI DSS 4.0 in March 2025. The subsequent 4.0.1 version does not introduce new compliance requirements, but rather refines the existing framework through clarifications of intent, improved guidance, and support for more consistent implementation across organisations.
Compliance scope and significance
PCI DSS Level 1 represents the most stringent of the four tiers within the standard's compliance framework, typically applicable to organisations processing large volumes of card transactions. Maintaining this status under the revised version signals that MoonPay's security controls have continued to meet the updated baseline without requiring structural changes to its compliance programme.
The recertification adds to a broader set of security credentials held by the company, which include SOC 2 Type 2, ISO 27001, ISO 27018, and ISO 27701 certifications. Together, these cover information security management, privacy controls, and the protection of personally identifiable information in the cloud, all areas of particular relevance for a platform operating at the intersection of cryptocurrency and traditional payment infrastructure.
A company official noted that maintaining certification under the evolving standard reflects an ongoing focus on security continuity, allowing users to transact with confidence as the framework develops.
Context and industry relevance
PCI DSS 4.0.1 was published by the PCI Security Standards Council as a maintenance release to address minor errors and ambiguities in the 4.0 version. Organisations certified under 4.0 were required to transition to 4.0.1 to maintain valid compliance standing. The standard governs how entities that store, process, or transmit cardholder data must protect that information, and its requirements are enforced through card network rules globally.
For crypto-native platforms handling fiat on-ramps and card-based transactions, PCI DSS compliance is a foundational requirement for operating within traditional card payment ecosystems. As regulatory scrutiny of crypto-linked payment services continues to grow across multiple jurisdictions, security certifications of this type carry increasing operational and reputational weight.
MoonPay's recertification under the current version of the standard keeps the company aligned with payment industry requirements at a time when the broader sector is navigating heightened expectations around consumer data protection and transaction security.