The problem of regulatory PCI compliance in a public cloud such as AWS applies more to small and medium-sized companies than to enterprises. For example, if you are a bank or financial institution, you can spend a sizable sum on assessing yourself for PCI compliance and work with a leading auditing firm to achieve it. However, it becomes challenging for small companies running payment applications or infrastructure on foundation services such as EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service). AWS clearly states that you can get a completely PCI compliant infrastructure on EC2 […]
The Payment Card Industry (PCI) has developed security standards for handling cardholder information in a published standard called the PCI Data Security Standard (DSS). The security requirements defined in the DSS apply to all members, merchants, and service providers that store, process or transmit cardholder data.
The PCI-DSS requirements apply to all system components within the payment application environment, which is defined as any network device, host, or application included in, or connected to, a network segment where cardholder data is stored, processed or transmitted.
The purpose of this document is to guide and help software development […]