Evervault, a company building simplified encryption infrastructure for developers, today announced it has successfully achieved compliance with the Payment Card Industry Data Security Standard (PCI DSS), which mandates how payment card data is secured and maintained.
Enhancing its already rigorous security standards with this new certification, Evervault is equipped to help organizations encrypt and secure their customers’ cardholder data, while reducing their PCI DSS scope to the simplest method. This reduces a significant administrative burden for Evervault’s users, while upping their data security through encryption for an added layer of assurance.
Currently a Level 2 Service Provider under PCI DSS, Evervault is in the process of attaining Level 1 certification, as it projects it will exceed the Level 2 benchmarks following its general launch. As a Level 2 Provider, Evervault can process or transmit up to 300,000 annual transactions each for VISA, MasterCard and Discover, as well as up to 2.5 million annual transactions for American Express.
"PCI DSS is one of the most important industry standards that ensures a baseline level of protection for consumers and helps reduce fraud and data breaches – but it can slow down companies heavily when they start building in the payments, banking and finance spaces," said Shane Curran, CEO of Evervault. "With our encryption infrastructure, we're bolstering the baseline protection consumers have and making PCI compliance easy for developers and businesses – without them having to go through the arduous compliance process."
Evervault’s first PCI DSS customer is TreeCard, an environmental fintech company that makes sustainably sourced debit cards and aims to put 80% of profits toward responsible reforestation. TreeCard uses Evervault’s encryption services to secure cardholder data without having to manage encryption keys or configure crypto libraries.
"PCI DSS becomes a heavy burden for companies like us that process cardholder data,” said Jamie Cox, CEO of TreeCard. “Encrypting with Evervault reduces our PCI scope to the simplest method of validation. This will save us time and give us peace of mind that we're fully compliant, while allowing us to focus on what matters most – getting more users and planting more trees."
Attaining PCI DSS compliance is Evervault’s first commitment to ending data breaches in the payments and card industry. This certification comes on the heels of Evervault’s compliance with both the healthcare industry’s Health Insurance Portability and Accountability Act (HIPAA) and Service Organization Control (SOC) 2 Type II earlier this year.