Voxeo Achieves PCI Compliance

Voxeo, a provider of IVR and VoIP platforms and services, has received third-party certification of compliance to the Payment Card Industry Data Security Standard (PCI-DSS) version 2.0. PCI-compliance means that sensitive credit card information being processed is protected against fraud and that the customer's most critical data is secure.

"Trust is a vital part of Voxeo's relationship with our customers," said Jonathan Taylor, Voxeo's founder and CEO. "Being PCI-compliant is a competitive differentiator for Voxeo in the marketplace, and we are excited to have this kind of validation in the industry."

The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment card and consumer financial data protection. The standard incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP), the Visa International Account Information Security (AIS) program and the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC and the Japan Credit Bureau (JCB).

To be in compliance with this standard, all of Voxeo's Internet connections, assigned IP addresses, and all Internet connected servers (Web, email, DNS, etc.) must have no level 3, 4, or 5 severity vulnerabilities in their most recent security audit. Audits must be conducted at least every 90 days. Additionally, on-site security audits must be performed. Since 2007, Voxeo has self-certified that its cloud-based operations were PCI-compliant. For the PCI-DSS 2.0 certification Voxeo chose to engage the services of an approved Qualified Security Assessor (QSA) to obtain the external validation of the security of Voxeo’s cloud.

Voxeo is currently listed on both MasterCard’s Site Data Protection Compliant Service Providers and Visa's Global Registry of PCI -Compliant Service Providers .