*Merchants, enterprises, and service providers can now implement a cardholder environment on AWS that complies with PCI Data Security Standard*
SEATTLE, Dec 07, 2010 (BUSINESS WIRE) — Amazon Web Services LLC (AWS), a subsidiary of Amazon.com, Inc., today announced it has achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Merchants and other service providers can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. Customers can use AWS cloud infrastructure, which has been validated at the highest level (Level 1) of PCI compliance, to build their cardholder environment and achieve PCI certification for their applications. To learn more about AWS security certifications and other AWS security practices, visit https://aws.amazon.com/security/.
PCI DSS is a multifaceted payment card security standard that evaluates security management, policies, procedures, network architecture, software design and other critical protective measures. To achieve a Validated Level 1 Service Provider Status, AWS commissioned a third party examination by a Qualified Security Assessor (QSA) to validate compliance with PCI DSS version 2.0. The Level 1 requirement applies to any provider who stores, processes or transmits more than 300,000 transactions annually.
“Security has always been and will continue to be our number one priority,” said Steve Schmidt, Chief Information Security Officer, Amazon Web Services. “By pursuing certifications and third party attestations like ISO 27001, SAS 70 Type II, FISMA, and now the PCI DSS service provider validation, we’re able to give customers continued assurance that the AWS cloud is a trustworthy and secure platform on which to build and deploy business-critical applications that demand rigorous security controls and regulatory compliance.”