AffSpot Forum Album Pictures

affiliate marketing blog

AffSpot Menu

Catagories

AffSpot Blog Sponsor

Past Posts

AffSpot Affiliate Forum

AffSpot Tweets

AddsTravel Affiliate of the Month, May 2010: From the AffSpot Affiliate NewsRoom (http://www.affspot.com) A... http://bit.ly/91ySRc 2010-11-08
Hannah?s Christmas Wish List: Affiliate News from Existem UK in the AffSpot Affiliate Forum (http://www.affspot.... http://bit.ly/aDbFCb 2010-11-08
Predicted Top Sellers at Wellgosh: Affiliate News from Existem UK in the AffSpot Affiliate Forum (http://www.aff... http://bit.ly/cQryto 2010-11-08
Back From Adtech NYC: Convert2Media News from the AffSpot Affiliate Forums (http://www.affspot.com) Finally b... http://bit.ly/bzWtjF 2010-11-07
More updates...

Terms of Endearment

AWS Credits coupons
PCI level 1
AWS Credit Coupon
amazon aws credit coupon
f
how to get AWS Credit Coupon
pci compliance aws
ec2 affiliate program
amazon ec2 affiliate
amazon aws coupon
amazon payments pci
coupon de crédit aws
aws amazon credit coupon
aws pci compliant
0
aws credit coupon codes
aws PCI
AWS Credit Coupon
aws pci compliance
amazon aws pci
seo forum

Amazon Confirms EC2/S3 Not PCI Level 1 Compliant

Part of scottm's adventure in Security

I found this first on Slashdot.. Then looking into my own Amazon AWS tracks I was even in this AWS discussion a couple days ago wondering the same thing.

The short of it is that if your running Amazon AWS with a shopping cart.. You’d better not be storing customer credit card data on it.

Jason posed the question “Is Amazon AWS PCI Compliant?” and he received two honest and to the point answers from Amazon. Which reveals yet another reason shy Amazon Payments, Google Payments, or PayPal should be used when your using AWS.

Here’s what Amazon has to say about it:

Thank you for contacting Amazon Web Services. Our payment system is PCI compliant and it is an “alternative payment processing service” meaning your users re-direct to our platform to conduct the payment event using their credit cards or bank accounts. The benefit for you is that we handle all the sensitive customer data so you don’t have to. If you haven’t looked at it, I highly suggest you check out the features and functions of our Flexible Payment Service and our Payment Widgets ( http://aws.amazon.com/fps).

As for PCI level 2 compliance, that requires external scanning via a 3rd party, PCI-approved vendor. It is possible for you to build a PCI level 2 compliant app in our AWS cloud using EC2 and S3, but you cannot achieve level 1 compliance. And you have to provide the appropriate encryption mechanisms and key management processes. If you have a data breach, you automatically need to become level 1 compliant which requires on-site auditing; that is something we cannot extend to our customers. This seems like a risk that could challenge your business; as a best practice, I recommend businesses always plan for level 1 compliance. So, from a compliance and risk management perspective, we recommend that you do not store sensitive credit card payment information in our EC2/S3 system because it is not inherently PCI level 1 compliant. It is quite feasible for you to run your entire app in our cloud but keep the credit card data stored on your own local servers which are available for auditing, scanning, and on-site review at any time.

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

Start discussion.....