While it is not mandatory for online identity verification providers to comply with PCI DSS, consider the value of the data they are handling — legitimate government-issued IDs (e.g., passports and driver’s licenses). These images can fetch up to $20 on the dark web. Armed with valid driver’s licenses and passports, black market dealers can inflict considerable damage, including opening new credit cards or getting a major loan in the victim’s name.
This means that online identity verification vendors are sitting on a treasure trove of valuable PII, which must be managed appropriately and strictly protected from potential data breaches.
PCI defines a 12-step process that vendors need to adhere to in order to show that they are taking the necessary steps to avoid online access to, or compromise of, their card processing data. Failure to achieve PCI compliance could cause a retailer to face substantial penalties, which can exceed $500,000, depending on the volume of transactions processed.
Put simply, ask and verify that your identity verification provider has a valid PCI DSS Level 1 certificate. Doing so will give you the assurance that their practices are up to date and validated by a reliable third party.
Jumio is PCI DSS Level 1 compliant.
We regularly conduct security audits, vulnerability scans and penetration tests to ensure compliance with security best practices and standards. To demonstrate PCI compliance, a yearly on-site validation assessment is carried out by a QSA.
Jumio carries the security controls established to achieve PCI compliance over to PII, which is of comparable sensitivity, and has extended the scope of those controls to cover and protect all systems used to transmit, process or store PII.
Because Jumio complies with the strict PCI DSS security standards, our customers can have greater confidence that their data — be it credit cards, PII or government-issued IDs — is handled in a secure manner throughout its lifetime.
Jumio extracts, redacts (masks) and stores merchants' credit card information while adhering to PCI DSS, reducing customers’ internal processing and operational costs.