
PCI-DSS Compliance

Discover the value of PCI DSS compliance for your online customer identity verification program, and how to achieve it.

What is PCI-DSS?

PCI DSS compliance requires adherence to a set of specific security standards that were developed to protect sensitive card information during and after a financial transaction and “to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally.”

Who is Impacted?

PCI DSS applies to all entities involved in payment card processing — including merchants, processors, acquirers, issuers and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data and/or sensitive authentication data.

That is, the standard applies to every organization that holds, processes or passes cardholder information from any card carrying the logo of one of the card brands.

How to Know if Your Identity Verification Solution is PCI-DSS Compliant

While it is not mandatory for online identity verification providers to comply with PCI DSS, consider the value of the data they handle — legitimate government-issued IDs (e.g., passports and driver’s licenses). These images can fetch up to $20 on the dark web. Black market dealers armed with valid driver’s licenses and passports can inflict considerable damage, including opening new credit cards or obtaining a major loan in the victim’s name.

This means that online identity verification vendors are sitting on a treasure trove of valuable PII, which must be managed appropriately and strictly protected against data breaches.

PCI DSS defines a 12-step process that vendors must adhere to in order to show they are taking the necessary steps to prevent unauthorized online access to, or compromise of, their card processing data. Failure to achieve PCI compliance can expose a retailer to substantial penalties, which can exceed $500,000 depending on the volume of transactions processed.

Put simply: ask for, and verify, a valid PCI-DSS Level 1 certificate from your identity verification provider. This gives you assurance that their practices are current and have been validated by a reliable third party.

How Jumio Can Help

Jumio is PCI DSS Level 1 compliant.

We regularly conduct security audits, vulnerability scans and penetration tests to ensure compliance with security best practices and standards. To demonstrate PCI compliance, a yearly on-site validation assessment is carried out by a QSA (Qualified Security Assessor).

Jumio applies the security controls established to achieve PCI compliance to PII data, which is of comparable sensitivity, and has extended the scope of those controls to cover and protect all systems used to transmit, process or store PII data.

Because Jumio complies with PCI-DSS’s strict security standards, our customers can have greater confidence that their data — be it credit cards, PII or government-issued IDs — is handled securely throughout its lifetime.

Jumio extracts, redacts (masks) and stores merchants’ credit card information in adherence with PCI DSS, reducing customers’ internal processing and operational costs.

Get Started

Let a Jumio expert show you how easy it can be to integrate our suite of verification solutions into your onboarding process, whether it be within your app or on your website. Request more information here and we’ll be in touch shortly.