At Plivo, security is more than just a checkbox — it's at the core of our operations and our commitment to you. That’s why we're excited to announce that we've upgraded our Payment Card Industry Data Security Standard (PCI DSS) certification from version 3.2.1 to the more advanced PCI DSS 4.0.
Plivo Earns PCI DSS 4.0 Certification
Plivo Cloud has achieved PCI DSS 4.0 certification, the most recent update to the requirements. This accomplishment reinforces our commitment to compliance and data security, giving you even greater confidence in our services.
Understanding PCI DSS: The Gold Standard in Data Security
The PCI DSS is a rigorous set of requirements designed to ensure that any company that processes, stores, or transmits credit card information maintains a secure environment. This certification is crucial for any organization that processes payments.
With PCI DSS 4.0, Plivo meets industry-standard controls and requirements using:
- Firewalls and antivirus software: We implement essential tools for protecting against unauthorized access and threats.
- Data encryption: We safeguard your information by encrypting data during transmission using TLS 1.2+ and securing it at rest with AES-256 encryption.
- Passwords and multifactor authentication: We enforce strict access controls to ensure that only authorized personnel can access sensitive information.
- Roles and responsibilities: We clearly delineate responsibilities to maintain compliance and security at every level of the organization.
These requirements are regulated by the PCI Security Standards Council (PCI SSC), a consortium of major credit card brands like Visa, Mastercard, American Express, and Discover.
Plivo’s PCI DSS Certification: What It Means for You
Plivo is proud to hold a PCI DSS Level 1 certification, which applies to organizations that annually process more than six million credit or debit card transactions. Achieving and maintaining this certification involves rigorous annual audits by authorized PCI auditors and regular scans by approved scanning vendors to ensure ongoing compliance.
A third-party, cloud-based payment platform handles our transactions to reduce Plivo’s exposure to direct payment data, yet our PCI DSS compliance remains essential. This certification aims to reassure you that Plivo’s platform provides the necessary infrastructure to protect your data.
PCI DSS Compliance: A Shared Responsibility
While Plivo takes extensive measures to secure your data—such as encrypting data in transit and at rest, and redacting sensitive details in logs—it's important to remember that PCI DSS compliance is a shared responsibility. As our customer, you play a critical role in maintaining the security of your data. This includes:
- Secure authentication credentials: Ensure that your login details and API keys are protected and not shared.
- Use the Plivo console securely: Follow best practices for secure access and use of our console.
- Ensuring compliance in your applications: Make sure that the instructions your applications send to Plivo adhere to PCI DSS requirements.
This partnership approach is vital to keeping the platform secure for everyone involved.
Beyond Compliance: The Plivo Promise
Our upgrade to PCI DSS 4.0 is just one aspect of our broader commitment to data security. For large enterprises, this level of compliance is part of a comprehensive suite of security measures we offer. From robust internal controls to continuous monitoring and threat assessments, we go beyond what's required to provide a platform you can trust.
If your organization needs a reliable partner to securely handle payment data communications, we invite you to explore what Plivo can offer. Reach out to our sales team to learn more about how our enterprise solutions can meet your security needs.
Your security is, and always will be, our top priority. We deeply appreciate your trust in Plivo, and we’re committed to continually enhancing our platform to protect your data.
