The Payment Card Industry Data Security Standard (PCI DSS) is the gold standard for information security for organizations that handle credit and debit card payments. Plivo is certified for PCI DSS compliance.
What is PCI DSS?
PCI DSS covers security requirements regarding storage and transmission of data, access control, and other factors, including:
- Use of firewalls and antivirus software
- Data encryption
- Passwords
- Multifactor authentication
- Specified roles and responsibilities for each requirement
PCI DSS comprises a set of requirements instituted and regulated by the PCI Security Standards Council (PCI SSC), a consortium of card brands including Visa, Mastercard, American Express, and Discover. All organizations that process, store, or transmit payment card data must comply with PCI DSS requirements or risk losing their ability to process these payments.
Plivo is PCI DSS certified
Plivo is certified for PCI DSS Level 1, which applies to organizations that process more than six million credit or debit card transactions annually. We undergo an internal audit once a year, conducted by an authorized PCI auditor, and submit to a PCI scan by an approved scanning vendor once a quarter.
Plivo doesn’t accept payments directly — a cloud-based payment platform handles all of our transactions. However, while using a third-party provider cuts down on our risk exposure and reduces the scope of detail necessary to validate compliance, we still need to be PCI DSS compliant.
PCI DSS compliance requires everyone’s attention
PCI DSS compliance is a shared responsibility. Plivo can guarantee things like encryption of data in transit and at rest and redaction of details in logs, and back those guarantees up with audit reports from independent third parties. But our customers are responsible for other aspects, such as securing their authentication credentials and using the Plivo console in a secure environment. In short, you have to use Plivo in a compliant manner and make sure your applications’ instructions to us comply with the standard’s requirements.
Become an enterprise customer
PCI DSS compliance is just one Plivo feature that will appeal to large organizations. We’ve rolled several other features into an enterprise package with numerous benefits for them. Tell us about your needs and we’ll have an expert get in touch with you.