March 30, 2020 By Stephanie Schmader
Gopal Indurkhya
2 min read

IBM Cloud PCI DSS Guidance provides the framework for how clients can deploy PCI DSS compliant systems and applications on IBM public cloud.

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the global adoption of consistent security measures. PCI DSS provides a baseline of technical and operational requirements designed to protect account information (including card number, expiration date, and verification data).

The IBM Cloud PCI DSS guide includes a high-level overview of PCI DSS requirements, a responsibility matrix summary, and example architectures to help clients deploy and operate a payment processing system to properly handle credit card data in a secure, compliant environment on IBM Cloud. 

Example architecture end-to-end secure flow for a sample IBM Cloud Kubernetes Service application

This guide is intended for IBM Cloud clients who require their IBM Cloud environment and related applications to be PCI DSS-compliant. Readers should be familiar with the latest PCI DSS requirements, as well as have some background on IBM Cloud Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) architecture.

IBM Cloud clients must independently analyze their particular environments and use cases in order to verify that their own control environment meets the requirements set forth by the PCI Security Standards Council (SSC) and cannot rely solely on this guide. No information in this guide can, or is intended to, supplant any guidance provided to the client by a Qualified Security Assessor (QSA,) the PCI SSC, or the entity’s acquirer.

Learn more

More from Security

Data protection strategy: Key components and best practices

8 min read - Virtually every organization recognizes the power of data to enhance customer and employee experiences and drive better business decisions. Yet, as data becomes more valuable, it's also becoming harder to protect. Companies continue to create more attack surfaces with hybrid models, scattering critical data across cloud, third-party and on-premises locations, while threat actors constantly devise new and creative ways to exploit vulnerabilities. In response, many organizations are focusing more on data protection, only to find a lack of formal guidelines and…

What you need to know about the CCPA draft rules on AI and automated decision-making technology

9 min read - In November 2023, the California Privacy Protection Agency (CPPA) released a set of draft regulations on the use of artificial intelligence (AI) and automated decision-making technology (ADMT). The proposed rules are still in development, but organizations may want to pay close attention to their evolution. Because the state is home to many of the world's biggest technology companies, any AI regulations that California adopts could have an impact far beyond its borders.  Furthermore, a California appeals court recently ruled that…

Enhance your data security posture with a no-code approach to application-level encryption

4 min read - Data is the lifeblood of every organization. As your organization’s data footprint expands across the clouds and between your own business lines to drive value, it is essential to secure data at all stages of the cloud adoption and throughout the data lifecycle. While there are different mechanisms available to encrypt data throughout its lifecycle (in transit, at rest and in use), application-level encryption (ALE) provides an additional layer of protection by encrypting data at its source. ALE can enhance…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters