G2A.COM, the world's largest marketplace for digital entertainment, has successfully renewed its compliance with the Payment Card Industry Data Security Standard (PCI DSS), achieving certification under the latest version 4.0.1. This recertification reinforces G2A’s continued commitment to safeguarding user data and upholding the highest global standards of payment security.

The PCI DSS standard, established by the PCI Security Standards Council, is a mandatory compliance framework for any company that stores, processes, or transmits cardholder data. Major global brands such as Amazon, Apple, and Microsoft maintain this certification, and G2A.COM is proud to stand alongside them in prioritizing secure commerce.

“The renewal of our PCI DSS certification – especially under the latest and most stringent version – underscores our long-term dedication to protecting our users' data at every stage of the payment process,” said Dorota Wróbel, General Manager at G2A.COM. “Security isn’t a checkbox – it’s a mindset that runs through every system, every process, and every person at G2A.COM.”

Upgrading to PCI DSS 4.0.1 is a new standard in vigilance

Version 4.0.1 of the PCI DSS introduces a major evolution in how organizations must operate. Unlike earlier iterations, this version transforms compliance from a one-time project into an ongoing security program, requiring organizations to implement continuous monitoring, proactive risk mitigation, and security-by-design development practices.

G2A.COM's infrastructure and operations were assessed by Patronusec, one of the Qualified Security Assessors (QSAs), as part of a comprehensive audit covering nearly 270 rigorous security controls across people, processes, and technologies. G2A’s recertification process validates the integrity of its security architecture and the robustness of its payment ecosystem. Achieving this certification is far from a formality – it is reserved for only the most thoroughly prepared companies in the world when it comes to data security.

Building trust through security

First certified in February 2024, G2A has now maintained its PCI DSS compliance for a second consecutive year. The renewal, awarded on February, confirms that the company continues to meet – and exceed – the industry’s most demanding cybersecurity requirements. The first year is the most challenging, as it introduces a range of new and complex security processes that must be implemented and strictly followed. Compliance is not declarative – it must be proven with solid evidence during re-certification audits.

“For our millions of global users, trust is everything,” said Dorota Wróbel. “This certification is one of many ways we prove that we take that trust seriously – not just once a year, but every single day.”