The Payment Card Industry Data Security Standard (also known as PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

PCI DSS applies to all entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD) including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.

IVR Lab utilizes Amazon Web Services (AWS) for a substantial portion its computing, processing and storage requirements. AWS has been PCI DSS Certified since 2010. As of July 11, 2016, an external Qualified Security Assessor Company (QSAC), Coalfire Systems Inc. has validated that Amazon Web Services (AWS) successfully completed PCI Data Security Standards 3.2 Level 1 Service Provider assessment and were found to be compliant.

We commit to the highest legal and ethical principles in the conduct of all aspects of our business. Our security measures include network firewalls, web application firewalls, data encryption and access restrictions.

As a general rule, IVR lab does not process or store customer credit card information and thus is exempt in the vast majority of cases. IVR Lab utilizes third-party merchant providers like Stripe and First Data or customers’ own merchant provider to process transactions. All these transactions are processed on third-party platforms.

According to Amazon Web Services, their being a PCI DSS “Compliant” Service Provider means that customers who use AWS products and services to store, process or transmit cardholder data can rely on their technology infrastructure.