Persona obtains PCI DSS certification.

Learn what this certification means for you and what's next.


At Persona, our goal is to enable trust between businesses and their customers. One of the biggest ways we do this is by ensuring we keep data safe. We’re already ISO 27001, SOC 2, and NIST IAL2 certified, and today we’re proud to add PCI certification to our growing list.

What is PCI compliance?

In 2006, American Express, Discover, JCB, Mastercard, and Visa formed the Payment Card Industry Security Standards Council (PCI SSC), which created a standard security policy — the PCI Data Security Standard (PCI DSS) — to protect consumers and reduce fraud and data breaches. Today, PCI DSS is the global industry standard for all entities that handle cardholder data.

PCI compliance refers to the standards organizations must follow to secure and protect sensitive credit card data during and after a financial transaction. Credit card companies require organizations that process, store, or transmit credit card data to maintain PCI compliance, which helps ensure the security of online transactions.

What does our PCI certification mean for your business?

As with our SOC 2 and ISO 27001 certifications, Persona’s PCI certification means you can trust that we handle data securely. In this case, that means cardholder data such as primary account numbers (PANs), cardholder names, expiration dates, and service codes. We comply with PCI’s strict information security requirements and have been validated by a reliable third party.

To get certified, we had to demonstrate that we protect cardholder data by following PCI’s 12 requirements. These requirements essentially boil down to three main components:

  • Collecting and transmitting sensitive card details securely
  • Storing card data securely
  • Validating that we have the required security controls in place each year

Practically, our certification means we’ve implemented a number of security processes to keep payment data safe, such as installing and maintaining a firewall to protect cardholder data, encrypting data, restricting and monitoring access to cardholder data, regularly conducting security audits, vulnerability scans, and penetration tests, and more.

On a broader level, our PCI certification reinforces our commitment to helping businesses securely control and manage PII of all kinds. As such, you can leave even more types of sensitive PII to us and focus on what you do best.

What’s next?

Going forward, we’ll continue to recertify each year, which involves an annual on-site validation assessment by a Qualified Security Assessor (QSA).

Additionally, our PCI certification will allow us to expand our offerings. For example, while none of these features are currently live, in the future, we may be able to allow businesses to:

  • Collect and store sensitive payment information such as full PANs directly on our PCI DSS-validated servers
  • Evaluate additional risk signals, such as a new credit card not associated with an account
  • Search for accounts linked by credit card information (such as the last four digits of a credit card number) via Graph
  • Create blocklists of certain PANs

If you’d like to request a copy of our PCI certification, please email [email protected]. You can also learn more about our other certifications and security measures on our Security Page.
