Technical and Product News and Insights from Rackspace
The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized regulation that protects consumer credit card information from theft and disclosure. It applies to all organizations that store, process, or transmit credit card information—even if it’s just a few transactions each year.
Although PCI DSS applies to all businesses that accept or process payment cards, the requirements vary. For example, if your organization processes more than six million transactions a year, it must adhere to PCI Level 1 compliance modules. If it processes fewer than 20,000, the requirements are less stringent.
A merchant’s PCI level depends on how many card transactions they handle each year:
For PCI Level 1 compliance, you need to meet 12 distinct modules and address 200+ individual items within those modules.
Besides having internal staff certified to conduct PCI audits and network testing, you might need to reach out to a Qualified Security Assessor (QSA) or Approved Scanning Vendor (ASV) for additional assistance.
A QSA is a PCI-certified organization that can help you identify and meet compliance conditions. Your QSA performs the following tasks:
An ASV is an organization certified by the PCI council, through stringent testing of its own, to scan your perimeter and any cardholder assets. These include any internet-facing assets used to store, process, or transmit credit card information. Your ASV typically runs a quarterly or annual scan, but you can request more scans over time—such as when you’re implementing remediation efforts or trying to correct compliance issues.
Achieving compliance is not just about ticking a box. The steps you take along the way can make your business more secure and less vulnerable to attackers. Noncompliance, on the other hand, can result in steep consequences, including the following:
Simply choosing a PCI-compliant public cloud platform doesn’t automatically make your organization PCI compliant. While your public cloud service provider (CSP) is responsible for the infrastructure and how the environment is used, you’re responsible for your applications that store, process, or transmit payment card data. PCI compliance is a shared responsibility between you and your CSP.
By working closely with your CSP, you can achieve PCI-compliant hosting on the public cloud by doing the following tasks:
It can be challenging to maintain PCI compliance as your organization, network, and infrastructure change—and as your business needs evolve and grow. You must have a CSP that works with you and provides the cloud security expertise you need to answer your questions and solve problems.
Let our multicloud security and compliance specialists work with you to understand your challenges and goals and build a path to your desired outcomes. Our expertise across public clouds means you can address your PCI compliance needs more efficiently across AWS®, Google Cloud Platform®, and Microsoft® Azure® public clouds. Get started today.