The Payment Card Industry (PCI) needed to establish an international mechanism whereby stakeholders could create standards and resources related to data security. The PCI Security Standards Council (PCI SSC) was designed to fulfill this function and promote safer ways to make payments around the world.
PCI Security Standards (SS) are developed specifically to protect payment-account data throughout the payment lifecycle. They include standards for merchants, service providers and financial institutions on matters such as security practices, technologies and processes; as well as standards for developers and vendors for creating secure payment products and solutions.
PCI maintains the Payment Card Industry Data Security Standard (PCI DSS) as a set of best practices to protect cardholder data and prevent fraud. Compliance with PCI DSS is required for any organization that stores, processes or transmits credit card or cardholder data. Service providers may be assessed by a Qualified Security Assessor (QSA) who issues an Attestation of Compliance (AOC) upon completion of a successful assessment.
Reports and other documentation
Contact an IBM representative to request a PCI DSS AOC and SRM guide for any of the services listed below.
IBM is a Level 1 Service Provider for PCI DSS, and clients can build PCI-DSS-compliant environments and applications using IBM Cloud.
The services listed below have a PCI DSS Attestation of Compliance (AOC) issued by a Qualified Security Assessor (QSA), as well as a Service Responsibility Matrix (SRM) guide from IBM. Contact an IBM representative to request a PCI DSS AOC and SRM guide for any of the services listed below.
Services
- IBM Cloud Activity Tracker (via Mezmo)
- IBM Cloud App ID
- IBM Cloud Backup
- IBM Cloud Backup for VPC
- IBM Cloud Bare Metal
- IBM Cloud Bare Metal Servers for VPC
- IBM Cloud Block Storage
- IBM Cloud Block Storage for Virtual Private Cloud
- IBM Cloud Block Storage Snapshots for VPC
- IBM Cloud Container Registry
- IBM Cloud Databases for DataStax
- IBM Cloud Databases for Elasticsearch
- IBM Cloud Databases for EnterpriseDB
- IBM Cloud Databases for etcd
- IBM Cloud Databases for MongoDB
- IBM Cloud Databases for MySQL
- IBM Cloud Databases for PostgreSQL
- IBM Cloud Databases for Redis
- IBM Cloud Direct Link
- IBM Cloud Direct Link Connect (2.0)
- IBM Cloud Direct Link Dedicated (2.0)
- IBM Cloud DNS Services
- IBM Cloud File Storage
- IBM Cloud Flow Logs for VPC
- IBM Cloud for VMware Solutions (Dedicated)
- IBM Cloud Hardware Security Module
- IBM Cloud Internet Services Enterprise Package (via Cloudflare)
- IBM Cloud Internet Services Enterprise Usage (via Cloudflare)
- IBM Cloud Internet Services Standard (via Cloudflare)
- IBM Cloud Kubernetes Service and Red Hat® OpenShift® on IBM Cloud
- IBM Cloud Load Balancer
- IBM Cloud Messages for RabbitMQ
- IBM Cloud Object Storage
- IBM Cloud Object Storage (IaaS)
- IBM Cloud Platform - Core Services - IBM Cloud Identity and Access Management
- IBM Cloud Secrets Manager
- IBM Cloud Transit Gateway
- IBM Cloud Virtual Private Cloud
- IBM Cloud Virtual Private Cloud - Load Balancer for VPC: Application Load Balancer and Network Load Balancer
- IBM Cloud Virtual Private Cloud – VPN for VPC : Site-to-Site Gateway and Client-to-Site Server
- IBM Cloud Virtual Private Endpoint for VPC
- IBM Cloud Virtual Servers
- IBM Cloud Virtual Server for VPC
- IBM Cloud Virtual Server for VPC - Auto Scale for VPC
- IBM Cloud Virtual Server for VPC - Dedicated Host for VPC
- IBM Cloudant for IBM Cloud
- IBM Event Streams for IBM Cloud Enterprise
- IBM Event Streams for IBM Cloud Standard
- IBM Key Protect for IBM Cloud
- IBM Log Analysis (via Mezmo)
- IBM Power Virtual Server on IBM Cloud
- IPSec VPN
- SAP-Certified Cloud Infrastructure