Virtual Card Maker runs on Zil Money's payment infrastructure. Here is what that infrastructure is certified, audited, and aligned against, item by item, and what each one actually covers.
Virtual Card Maker - Powered by Zil Money. Zil Money is a financial technology company, not a bank. Banking services are provided by our partner bank, Member FDIC. FDIC insurance applies only to eligible products with funds held at the partner bank, subject to applicable limits and requirements.
Virtual Card Maker is a service of Zil Money. The standards on this page are maintained at the Zil Money platform level, the same infrastructure that issues, processes, and settles every card on Virtual Card Maker. Card issuance, processing, and settlement happen through Zil Money's licensed banking partners.
Each item below covers a different part of how the platform is built, run, and reviewed, some are third-party certifications, some are independent auditor attestations, some are framework alignments. Here is what each one actually means, in plain terms.
Card processing aligns with the Payment Card Industry Data Security Standard, the baseline for any company that accepts, processes, stores, or transmits card data. That means strong access controls, secure networks, and encrypted transmission and storage of cardholder data.
Zil Money's quality management system is ISO 9001 certified, the international standard for consistent service delivery, documented processes, and continuous improvement.
Zil Money's IT service management is ISO 20000 certified, the international standard for reliable, well-managed delivery of IT services, including how incidents and changes are handled.
Zil Money's information security management system is ISO 27001 certified, the international standard for identifying, managing, and reducing risk to sensitive information.
Security controls are aligned with NIST SP 800-53, the federal framework for protecting information systems. It is a control framework rather than a pass/fail certification, and is commonly required in government and enterprise vendor reviews.
An independent auditor's report on the controls behind financial transaction processing, the checks that confirm money moves the way it is supposed to and gets recorded correctly. The current report is a Type 1 engagement, a point-in-time assessment of control design.
Evaluates controls against the AICPA Trust Services Criteria for security, availability, and confidentiality, how systems are protected from unauthorized access, kept running, and how sensitive data is restricted to authorized users. The current report is a Type 1 engagement, a point-in-time assessment of control design.
Zil Money's underlying platform infrastructure maintains safeguards aligned with HIPAA's security requirements. Virtual card issuance itself does not involve processing protected health information; this reflects the security bar the infrastructure is held to, not a healthcare-specific service.
Follows California Consumer Privacy Act requirements, as amended by the CPRA, giving California residents the right to know what personal data is collected, request its deletion, opt out of its sale or sharing, and limit use of sensitive personal information.
Get started online. Verify your business. Add money to your wallet. Make the card, backed by the same platform these standards describe.