IBM Cloud® compliance: PCI DSS
Illustration showing a person interacting with a computer interface, behind which are various documents and a miniature skyscraper
What is PCI DSS?

The Payment Card Industry (PCI) needed to establish an international mechanism whereby stakeholders could create standards and resources related to data security. The PCI Security Standards Council (PCI SSC) was designed to fulfill this function and promote safer ways to make payments around the world.

PCI Security Standards (SS) are developed specifically to protect payment-account data throughout the payment lifecycle. They include standards for merchants, service providers and financial institutions on matters such as security practices, technologies and processes; as well as standards for developers and vendors for creating secure payment products and solutions.

PCI maintains the Payment Card Industry Data Security Standard (PCI DSS) as a set of best practices to protect cardholder data and prevent fraud. Compliance with PCI DSS is required for any organization that stores, processes or transmits credit card or cardholder data. Service providers may be assessed by a Qualified Security Assessor (QSA) who issues an Attestation of Compliance (AOC) upon completion of a successful assessment. 


Reports and other documentation

Contact an IBM representative to request a PCI DSS AOC and SRM guide for any of the services listed below.

IBM position

IBM is a Level 1 Service Provider for PCI DSS, and clients can build PCI-DSS-compliant environments and applications using IBM Cloud.

The services listed below have a PCI DSS Attestation of Compliance (AOC) issued by a Qualified Security Assessor (QSA), as well as a Service Responsibility Matrix (SRM) guide from IBM. Contact an IBM representative to request a PCI DSS AOC and SRM guide for any of the services listed below.


Resources IBM Cloud PCI DSS Guidance

Go under-the-hood to see how PCI DSS works in this IBM Cloud Compliance Guide.

Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs