What is PCI?
To improve the safety of consumer data and trust in the payment ecosystem, a minimum standard for data security was created. Visa, Mastercard, American Express, Discover, and JCB formed the Payment Card Industry Security Standards Council (PCI SSC) in 2006 to administer and manage security standards for companies that handle credit card data. Before the PCI SSC was established, these five credit card companies all had their own security standards programs—each with roughly similar requirements and goals. They banded together through the PCI SSC to align on one standard policy, the PCI Data Security Standards (known as PCI DSS) to ensure a baseline level of protection for consumers and banks in the Internet era.
Who is affected by PCI?
Anyone involved with the processing, transmission, or storage of card data must comply with the Payment Card Industry Data Security Standards (PCI DSS).
Is Voma PCI-compliant?
Yes, Voma is PCI-compliant.
Voma uses Stripe to process all payments.
Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a
PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.
Voma uses
Stripe.js to tokenize sensitive information. This means that all sensitive information is handled by Stripe.js, and it enables simple PCI compliance with SAQ A reporting.
This is possible because Stripe hosts form inputs containing card data within an iframe served from Stripe’s domain—not Voma's—so your customers’ card information never touches our servers.
How can I learn more about PCI?
We recommend the following resources to learn more about PCI:
What if I have any questions?
Please contact our team with any questions you have about PCI. You can message us on our website or send us an email at help@vomahq.com.
