Volterra, an innovator in distributed cloud services, today announced it has achieved Level 1 certification of the Payment Card Industry Data Security Standard (PCI DSS). Through Volterra’s compliance with the rigorous PCI standard, customers using Volterra services to run mission-critical applications can be assured that their security is maintained at the highest level and has been independently validated.
PCI DSS is an information security standard designed to increase controls around cardholder data to reduce payment card fraud. It is administered by PCI SSC (Payment Card Industry Security Standards Council), which was founded in 2006 by American Express, Discover, JCB International, MasterCard and Visa Inc. The standard applies to any organization that stores, transmits or accepts cardholder data.
There are four levels of PCI DSS compliance, each determined by the number of transactions an organization runs each year and the level of risk assessed by payment brands. Volterra is now Level 1 certified — the highest and most stringent level — allowing the company to process more than 6 million transactions annually.
Which Volterra services are PCI DSS certified
Level 1 certification includes an external, independent audit performed annually by a QSA (Qualified Security Assessor). In the PCI DSS certification process, Volterra’s entire global infrastructure has been audited (VoltConsoleTM, Volterra control plane, and all its data centers) as well as its security policies, software development processes, etc.
The core objective of PCI DSS is to protect cardholder data, therefore this certification of Volterra focused on its VoltMeshTM service. Volterra does not process or store cardholder data in any way since VoltMesh acts as a reverse proxy between customers’ origin servers (merchant or payment service provider) and end consumers.
This Level 1 certification ensures that any action performed on customer traffic by Volterra’s global infrastructure complies with PCI DSS requirements.
Benefits for Volterra customers
By complying to the arduous requirements of PCI DSS, Volterra provides its customers with an independent and industry-accepted security review of processes, policies, infrastructure, software development methodology, and more.
For e-commerce merchants, PSP (payment service providers) and more broadly any customer that stores, transmits, or accepts cardholder data, Volterra’s Level 1 certification will greatly facilitate their own PCI DSS compliance. Additionally, by providing a web application firewall (WAF), VoltMesh will help customers to meet PCI requirement 6.6.
“We are very happy to serve our customers with our newly certified PCI DSS Level 1 compliant services,” said Benjamin Schilz, VP of Infrastructure at Volterra. “Our entire team has achieved a tremendous amount of work over the past few months to deliver this capability and ensure our customers that we are providing the most secure, reliable cloud services possible to meet their dynamic business and technical needs.”
Volterra’s PCI DSS certified platform is available today as a free service for base users with two multi-cloud clusters and a paid enterprise subscription for larger footprint and/or globally-distributed deployments.
Volterra provides a distributed cloud services platform to deploy, network and secure applications across multi-cloud and the edge. Small businesses to Fortune 100 companies and global telcos are using Volterra to deploy and operate distributed applications through a consistent set of cloud services, end-to-end visibility and control. DevOps teams can manage large sets of applications and infrastructure with less complexity. NetOps teams can simplify app-to-app networking and security across clouds.