Financial Crime World

Here is the rewritten article in Markdown format:

Alibaba Cloud Complies with Payment Card Industry Data Security Standard (PCI DSS) in China

In a move aimed at ensuring the security of payment card information in China, Alibaba Cloud has announced its compliance with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a global standard for securing payment card data and is administered by the PCI Security Standards Council.

Compliance Requirements

The PCI DSS requires entities that store, process or transmit payment card information to maintain a secure environment for the protection of affiliated payment card account data. Alibaba Cloud engaged with a PCI SSC Approved Qualified Security Assessor (QSA) to conduct an annual onsite assessment, achieving PCI DSS v3.2.1 level 1 certification.

Assessment Scope

The scope of the assessment includes cloud products, security services and CDN services available in 12 global regions, including Hong Kong. The Attestation of Compliance report is available for download on Alibaba Cloud’s website.

Shared Responsibility

Compliance with PCI DSS requirements does not mean that customers also meet the requirements. Alibaba Cloud and its customers share a joint responsibility for the security of customer applications built on the platform. Customers are responsible for:

  • Configuring and using cloud-based products in a secure manner
  • Building their own cloud-based applications and services in a secure and controllable manner

Resources for Compliance

Alibaba Cloud provides a range of resources to help customers comply with PCI DSS, including:

Conclusion

The move is seen as a significant step towards enhancing the security of payment card information in China and demonstrates Alibaba Cloud’s commitment to providing a secure cloud service platform for its customers.