The Business Case for Reducing PCI DSS Scope
A Business Guide to Simplifying Security
By
John Hetherton
John Hetherton- August 31, 2021
- 3 min read
Announcing PCI DSS compliance
Evervault is building encryption infrastructure for developers. Our mission is to encrypt the web. Our goal is to end data breaches.
Security will always be our number one priority. While being compliant is not the same as being secure, we know that being certified to the highest compliance standards is an important way to give developers and customers assurance that they can build business-critical applications on Evervault.
We’ve previously announced our compliance with HIPAA and SOC 2 Type II. Today, we’re excited to announce that Evervault has achieved compliance with Level 2 PCI DSS.
Evervault is a Level 2 Service Provider under PCI DSS. Level 2 Service Providers process or transmit up to 300,000 annual transactions for VISA; up to 300,000 annual transactions for MasterCard; up to 300,000 annual transactions for Discover, and up to 2.5 million annual transactions for American Express.
PCI DSS is one of the most important industry standards that ensures a baseline level of protection for consumers and helps reduce fraud and data breaches – but it can slow down companies heavily. With our encryption infrastructure, we're bolstering the baseline protection consumers have and making PCI compliance easy for developers and businesses – without them having to go through the arduous compliance process." —Shane Curran, Evervault founder / CEO
Customers — like Treecard, a free debit card that reforests the planet as you spend — that use Evervault as a Service Provider to encrypt cardholder data can reduce their PCI DSS scope to the simplest method of PCI DSS validation with correct configuration.
PCI DSS becomes a heavy burden for companies like us that process cardholder data. Encrypting with Evervault will save us time and give us peace of mind that we're fully compliant, while allowing us to focus on what matters most – getting more users and planting more trees." —Jamie Cox, Treecard co-founder / CEO
We’ve completed an SAQ-D and Attestation of Compliance with a qualified security assessor (QSA). Part of this process was a penetration test from Cure53, the leading Berlin-based security consultancy that does penetration tests for companies like 1Password.
We intend to become PCI DSS Level 1 certified as we project going beyond the 300,000 and 2.5 million benchmarks quickly with Evervault being generally available.
Contact our sales team for our QSA-assisted Level 2 Attestation of Compliance and to enter our PCI DSS Service Agreement. Developers and businesses that need to secure cardholder data under PCI DSS can start encrypting cardholder data now.
