Jumio is PCI Level 1 compliant and regularly conducts security audits, vulnerability scans and penetration tests to ensure compliance with security best practices and standards. To demonstrate PCI compliance a yearly on-site validation assessment by a QSA is carried out. Jumio carries the security controls established to achieve PCI compliance over to PII data which is of comparable sensitivity and has extended the scope of such controls to cover and protect all systems used to transmit/process/store PII data. Doing so, provides Jumio with a coherent and independently tested set of security policies/processes/controls and enables Jumio’s customers to gain confidence that their data – be it credit card or PII – is handled in a secure manner throughout its lifetime.
From privacy and security perspectives, all data is transmitted using secure transport with strong cipher suites and stored encrypted using AES256. Jumio is PCI Level 1 compliant.
Jumio’s processing system deploys the industry standard in IT infrastructure monitoring. This service monitors all Jumio servers, switches, applications and services and enables near-instant awareness of IT infrastructure problems – even before they occur.