// Trust & Security Report

    Wise Payments Limited (Wise plc group; regional entities include Wise Europe SA, Wise Assets Europe AS) logo

    Wise Payments Limited (Wise plc group; regional entities include Wise Europe SA, Wise Assets Europe AS)

    Global money-movement platform: Wise Account and Wise Business (multi-currency accounts, international transfers, debit card), Wise Platform (B2B/API payments infrastructure for banks and fintechs), and Wise Assets (interest-bearing balances via a separately regulated investment entity).

    Certifications held

    5

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO/IEC 27001:2022
    HELD

    Coalfire Certification, Inc. certifies that the following organization operates an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2022... COMPANY: Wise Payments Ltd... Scope: The certificate scope comprises the Information Security Management System supporting the operations underlying the Wise financial service offerings: Wise Account, Wise Business, and Wise Platform. Certificate Number 2020-080301, Certificate Issuance Date July 10, 2025, Expiration Date August 3, 2026.

    Verify on wise.com
    SOC 1 Type 2
    HELD

    Thanks to their SOC 1 type 2, SOC 2 type 2, PCI DSS, and ISO 27001 certifications and GDPR compliance, you can feel confident entrusting Wise with all your transactions.

    Verify on wise.com
    SOC 2 Type 2
    HELD

    Thanks to their SOC 1 type 2, SOC 2 type 2, PCI DSS, and ISO 27001 certifications and GDPR compliance, you can feel confident entrusting Wise with all your transactions.

    Verify on wise.com
    PCI DSS
    HELD

    Thanks to their SOC 1 type 2, SOC 2 type 2, PCI DSS, and ISO 27001 certifications and GDPR compliance, you can feel confident entrusting Wise with all your transactions.

    Verify on wise.com
    GDPR compliance posture
    HELD

    Enter into EU Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the Information Commissioner's Office with the data importer, where the EU or UK GDPR apply.

    Verify on wise.com
    > Show 7 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No public evidence Wise handles protected health information or claims HIPAA status; Wise is a regulated payments/e-money institution, not a healthcare business associate. Not applicable to its product scope.

    source: wise.com
    ISO/IEC 27017 (cloud security)
    NOT CONFIRMED

    No public evidence found on Wise's own domain of a separate ISO 27017 certificate.

    source: wise.com
    ISO/IEC 27018 (PII in cloud)
    NOT CONFIRMED

    No public evidence found on Wise's own domain of a separate ISO 27018 certificate.

    source: wise.com
    ISO/IEC 27701 (privacy information management)
    NOT CONFIRMED

    No public evidence found on Wise's own domain of an ISO 27701 certificate.

    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence found; Wise's privacy notice discloses use of AI/ML and generative AI internally but does not reference an ISO 42001 or CSA STAR AI certification.

    source: wise.com
    CSA STAR
    NOT CONFIRMED

    No public evidence found on Wise's own domain of CSA STAR registration or certification.

    FedRAMP
    NOT CONFIRMED

    No public evidence found; not applicable, Wise is not a US government cloud service provider.

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    Multi-entity, jurisdiction-dependent: Wise Payments Limited (UK, FCA-regulated), Wise Europe SA (Belgium, regulated by the National Bank of Belgium for the EEA), Wise Assets Europe AS (Estonia, regulated by the Estonian Financial Supervision and Resolution Authority for investment products), plus US, Singapore, Australia, Japan, and other local entities. International transfers use EU Standard Contractual Clauses and the UK International Data Transfer Addendum.

    Wise's privacy notices (personal and business) state: 'We may use Artificial Intelligence ("AI"), including machine learning models and generative AI large language models (LLMs) to improve the efficiency and effectiveness of our services and our financial crime and fraud prevention processes,' and commit that 'We will always let our customers know if they are interacting directly with an AI system.' No explicit statement was found confirming or denying that customer transaction/content data is used to train third-party foundation models, nor is a customer-facing opt-out described in the pages reviewed. Treat as unconfirmed pending a direct vendor confirmation.

    // Security controls

    Encryption in transit (API)

    Wise Platform API documentation describes OAuth 2.0 for partner auth, with mTLS and JOSE/JWE for enhanced-security integrations; sensitive card data is end-to-end encrypted client-side using the JWE standard before transmission.

    docs.wise.com

    API authentication

    OAuth 2.0 for all partner accounts; mTLS and Strong Customer Authentication (SCA) available/required for sensitive operations; guidance to store credentials in a secrets manager and rotate client secrets periodically.

    docs.wise.com

    Account authentication

    Wise uses 2-factor authentication to protect consumer accounts and transactions.

    wise.com

    Fraud monitoring

    Automated, always-on fraud monitoring and dedicated fraud/security teams cited on the homepage (marketing claim, no independent audit reviewed).

    wise.com

    Fund safeguarding

    Customer funds are held segregated from Wise's own money, in cash, secure liquid assets (short-duration government bonds), or insured equivalents, per regulatory safeguarding obligations.

    wise.com

    ISMS certification

    ISO/IEC 27001:2022 certified (Wise Payments Ltd), scope covering Wise Account, Wise Business, and Wise Platform; certificate valid through August 3, 2026.

    wise.com

    // Products & data scope

    Wise AccountConsumer multi-currency account & international transfers

    data: Personal identity/KYC data, transaction data, device data

    Covered by ISO 27001 certificate scope; FCA/EEA regulated e-money/payments entity.

    Wise BusinessSME/business multi-currency account & payments

    data: Business KYC/beneficial-ownership data, transaction data, team member access data

    Covered by ISO 27001 certificate scope.

    Wise PlatformB2B payments infrastructure / API for banks, fintechs, and platforms

    data: Partner and end-customer transaction data passed via API, card data (PCI-scoped) for card issuing

    Covered by ISO 27001 certificate scope; PCI DSS self-attested (see certifications); API security via OAuth2/mTLS/SCA.

    Wise AssetsInterest-bearing balances / investment product

    data: Same customer identity data plus investment-suitability data

    Provided by Wise Assets Europe AS, a separately regulated investment firm (Estonian FSA); NOT explicitly named in the reviewed ISO 27001 certificate scope statement, which lists only Wise Account, Wise Business, and Wise Platform - flagged as a scope gap to verify with the vendor.

    // What to watch

    • Identity-conflation risk: 'wise.is' is an unrelated Icelandic enterprise-software company and 'Wisetack' is a separate US fintech; neither's certifications belong to Wise.com/Wise plc. Verified the ISO 27001 certificate and blog claims come from wise.com/docs.wise.com only.
    • SOC 1 Type 2, SOC 2 Type 2, and PCI DSS are only backed by a marketing-blog self-attestation (wise.com/us/blog/is-wise-business-safe) on the vendor's own domain; no downloadable certificate, AOC, or audit report was locatable publicly (typical, as these are usually shared under NDA), so confidence on those three specific certs is lower than the directly-verified ISO 27001 certificate.
    • The captured ISO 27001 certificate scope explicitly names Wise Account, Wise Business, and Wise Platform but does not name Wise Assets Europe AS (the interest/investment product) - do not assume investment-product infrastructure is covered by the same ISMS scope.
    • Privacy notice discloses use of AI/ML and generative AI internally (fraud prevention, service efficiency) but does not clearly state whether customer data is used to train models or whether an opt-out exists; treat trains_on_customer_data as unconfirmed, not false.
    • No public trust center / security portal (e.g. no SafeBase/Vanta-style trust page) was found; compliance claims are scattered across a certificate download link, help-centre articles, and blog posts rather than a single vendor-maintained trust hub.
    • Wise is a regulated financial-services company (e-money/payments/investment licenses), not primarily an 'AI tool' - confirm this listing's category fit for an AI-tools directory before publishing alongside SaaS/AI products.

    // At a glance

    Pricing model

    Usage-based: per-transfer fee plus exchange-rate markup shown transparently at checkout; free account opening; Wise Platform/API pricing is custom/negotiated for partner institutions.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Wise Payments Limited (Wise plc group; regional entities include Wise Europe SA, Wise Assets Europe AS)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    wise.com

    > Browse all vendor trust reports