The Payment Card Industry Data Security Standard (PCI DSS) is the gold standard for information security for organizations that handle credit and debit card payments. Plivo is certified for PCI DSS compliance and has renewed its compliance.
What does PCI DSS cover?
PCI DSS covers security requirements regarding storage and transmission of data, access control, and other factors, including:
- Use of firewalls and antivirus software
- Data encryption, leveraging end-to-end encryption with the robust AES-256 (Advanced Encryption Standard) algorithm
- Passwords
- Multifactor authentication
- Specified roles and responsibilities for each requirement
PCI DSS comprises a set of requirements instituted and regulated by the PCI Security Standards Council (PCI SSC), a consortium of card brands including Visa, Mastercard, American Express, and Discover. All organizations that process, store, or transmit payment card data must comply with PCI DSS requirements or risk losing their ability to process these payments.
Plivo is PCI DSS certified
Plivo is certified for PCI DSS Level 1, which applies to organizations that process more than six million credit or debit card transactions annually. We undergo an internal audit once a year, conducted by an authorized PCI auditor, and submit to a PCI scan by an approved scanning vendor once a quarter.
Plivo doesn’t accept payments directly — a cloud-based payment platform handles all of our transactions. However, while using a third-party provider cuts down on our risk exposure and reduces the scope of detail necessary to validate compliance, we still need to be PCI DSS compliant.
Plivo has renewed its PCI DSS compliance, ensuring your cardholder data remains secure.
PCI DSS compliance requires everyone’s attention
Cardholder data security is of utmost importance at Plivo, a communications platform as a service (CPaaS). Having achieved PCI DSS compliance, we’re committed to ensuring an unparalleled level of safety. Our platform is designed to accommodate payment-related workflows through voice or message APIs.
However, PCI DSS compliance is a shared responsibility. While Plivo ensures elements like data encryption both in transit and at rest, and redaction of specific details in logs, corroborated by audit reports from independent third parties, our customers have their own set of responsibilities. They must ensure the security of their authentication credentials, use the Plivo console securely, and ensure that their applications’ instructions are compliant. This collaborative approach helps us maintain a platform that’s secure for every user.
Become an enterprise customer
PCI DSS compliance is just one Plivo feature that will appeal to large organizations. We’ve rolled several other features into an enterprise package that has numerous benefits for large organizations. Tell us about your needs and we’ll have an expert get in touch with you.