PCI-DSS Compliance Using Microsoft Azure

Most of us know someone who’s experienced credit card fraud. In fact, a recent survey by CreditCard.com showed that 44% of U.S. adults have received a fraud alert for their credit or debit card in 2017. That’s up 15% since 2015.

The spike in fraud alerts is a good thing. Because our entire credit card ecosystem – every touch point along the payment card processing trail, “including merchants, processors, acquirers, issuers, and service providers” – is covered by the Payment Card Industry Data Security Standard (PCI-DSS) compliance protocol, according to the PCI Security Standards Council. PCI-DSS comprises a minimum set of requirements for protecting account data from credit card fraud – from on-prem credit card machines to traversing public networks – achieving PCI-DSS compliance guarantees all participants that a critical standard of account data security is met.

Importantly, PCI-DSS also applies to “all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD),” according to the PCI Security Standards Council’s Requirements and Security Assessment Procedures v. 3.2 (registration required to view this document).

The following is a high level overview:

PCI Data High Level Overview

Caption: PCI Data High Level Overview

The PCI-DSS framework – via PCI Security Standards Council’s Requirements and Security Assessment Procedures v. 3.2

That’s where PCI-DSS compliance from Atmosera and Microsoft Azure comes in.

Azure Offers PCI-DSS Compliance

Microsoft Azure is certified as compliant under PCI-DSS version 3.2 (the latest version) at Service Provider Level 1, which is the highest volume of transactions (at more than 6 million transactions a year). Microsoft’s Trust Center reports that Azure “completes an annual PCI-DSS assessment using an approved Qualified Security Assessor (QSA). The auditor reviews the Azure environment, which includes validating the infrastructure, development, operations, management, support, and in-scope services.”

Microsoft states further, however, that “Azure PCI-DSS compliance status does not automatically translate to PCI-DSS certification for the services that customers build or host on the Azure platform. Customers are responsible for ensuring that they achieve compliance with PCI-DSS requirements.” Atmosera clients enjoy complete and secure PCI-DSS compliance using Microsoft Azure

Atmosera Architects and Operates PCI-DSS Compliant Environments for Customers

Atmosera ensures compliance by following a number of critical security frameworks, including PCI-DSS. We have experienced rapid growth in healthcare, financial and technology markets, all of whom demand the highest standards of compliance – from HIPAA/HITECH and HITRUST to IRS-1075 compliance standards. We even developed the first Secure Delete application for Azure storage as a result of the demand by customers to deliver better assurances that data is permanently deleted from cloud deployments.

Our Vice President of Information Security, Ray Espinoza, is responsible for Information Security (InfoSec) and compliance initiatives in support of our customer deployments and secure cloud implementations. Ray has extensive experience with security risk management, security incident response, monitoring, and cyber threats; having worked for a number of high profile technology companies – including Cisco and eBay.

In the PCI-DSS framework above, Atmosera ensures protections in every touch point along the way. Atmosera integrates compliance frameworks from onboarding to implementation, from private to public cloud initiatives, and every step between.

We deliver solutions that accelerate the value of Azure.

Ready to experience the full power of Microsoft Azure?

Start Today

Blog Home

Stay Connected

Upcoming Events

All Events