Issue virtual Visa cards quickly. Sign up →
Trust & compliance

The certifications behind every card you issue.

Virtual Card Maker runs on Zil Money's payment infrastructure. Here is what that infrastructure is certified, audited, and aligned against, item by item, and what each one actually covers.

9 standards, one platform Issued on the Visa network Reviewed by independent third-party auditors

Virtual Card Maker - Powered by Zil Money. Zil Money is a financial technology company, not a bank. Banking services are provided by our partner bank, Member FDIC. FDIC insurance applies only to eligible products with funds held at the partner bank, subject to applicable limits and requirements.

PCI DSS aligned
ISO 9001 Quality Management Certified
ISO 20000 IT Service Management Certified
ISO 27001 Information Security Management Certified
Aligned with NIST SP 800-53 controls
AICPA SOC for Service Organizations
AICPA SOC Service Organization Control Reports
HIPAA-aligned safeguards
CCPA requirements followed
Virtual Card Maker dashboard showing active cards and transaction activity
How this applies to you

Built on Zil Money's compliance program.

Virtual Card Maker is a service of Zil Money. The standards on this page are maintained at the Zil Money platform level, the same infrastructure that issues, processes, and settles every card on Virtual Card Maker. Card issuance, processing, and settlement happen through Zil Money's licensed banking partners.

Certifications

Nine standards, one platform.

Each item below covers a different part of how the platform is built, run, and reviewed, some are third-party certifications, some are independent auditor attestations, some are framework alignments. Here is what each one actually means, in plain terms.

PCI DSS aligned

PCI DSS

Card processing aligns with the Payment Card Industry Data Security Standard, the baseline for any company that accepts, processes, stores, or transmits card data. That means strong access controls, secure networks, and encrypted transmission and storage of cardholder data.

Applies to: Card issuance and transaction processing on Virtual Card Maker.
ISO 9001 Quality Management Certified

ISO 9001

Zil Money's quality management system is ISO 9001 certified, the international standard for consistent service delivery, documented processes, and continuous improvement.

Applies to: Zil Money's products and services, including Virtual Card Maker.
ISO 20000 IT Service Management Certified

ISO 20000

Zil Money's IT service management is ISO 20000 certified, the international standard for reliable, well-managed delivery of IT services, including how incidents and changes are handled.

Applies to: The IT service management behind the platform.
ISO 27001 Information Security Management Certified

ISO 27001

Zil Money's information security management system is ISO 27001 certified, the international standard for identifying, managing, and reducing risk to sensitive information.

Applies to: Zil Money's internal systems and customer-facing services.
Aligned with NIST SP 800-53 controls

NIST SP 800-53

Security controls are aligned with NIST SP 800-53, the federal framework for protecting information systems. It is a control framework rather than a pass/fail certification, and is commonly required in government and enterprise vendor reviews.

Applies to: Government and enterprise vendor due diligence.
AICPA SOC for Service Organizations

SOC 1, Type 1

An independent auditor's report on the controls behind financial transaction processing, the checks that confirm money moves the way it is supposed to and gets recorded correctly. The current report is a Type 1 engagement, a point-in-time assessment of control design.

Applies to: Financial transaction processing on the Zil Money platform.
AICPA SOC Service Organization Control Reports

SOC 2, Type 1

Evaluates controls against the AICPA Trust Services Criteria for security, availability, and confidentiality, how systems are protected from unauthorized access, kept running, and how sensitive data is restricted to authorized users. The current report is a Type 1 engagement, a point-in-time assessment of control design.

Applies to: The infrastructure Virtual Card Maker runs on.
HIPAA-aligned safeguards

HIPAA

Zil Money's underlying platform infrastructure maintains safeguards aligned with HIPAA's security requirements. Virtual card issuance itself does not involve processing protected health information; this reflects the security bar the infrastructure is held to, not a healthcare-specific service.

Applies to: Platform infrastructure alignment, inherited from Zil Money.
CCPA requirements followed

CCPA

Follows California Consumer Privacy Act requirements, as amended by the CPRA, giving California residents the right to know what personal data is collected, request its deletion, opt out of its sale or sharing, and limit use of sensitive personal information.

Applies to: All Virtual Card Maker users who are California residents.
FAQ

Common questions.

Does Virtual Card Maker itself hold these certifications?+
Virtual Card Maker is a service of Zil Money. These certifications and standards are maintained at the Zil Money platform level, the same infrastructure that issues, processes, and settles every Virtual Card Maker transaction.
What is PCI DSS and why does it matter for a card platform?+
PCI DSS is the security standard for any company that accepts, processes, stores, or transmits card data. It covers access control, network security, and encrypted transmission and storage of cardholder data, which lowers the risk of a data breach.
What does SOC 2 actually evaluate?+
SOC 2 evaluates a service organization's controls against the AICPA Trust Services Criteria for security, availability, and confidentiality, how systems are protected from unauthorized access, kept running, and how sensitive data is restricted to authorized users.
How often are these standards audited?+
SOC engagements and ISO certifications are each conducted by independent third-party auditors rather than self-assessed.
Can I request compliance documentation for vendor review?+
Yes. Reach out through our contact page and our team will help with what documentation is available for your specific vendor due diligence needs.

Issue your first card on certified infrastructure.

Get started online. Verify your business. Add money to your wallet. Make the card, backed by the same platform these standards describe.