Amazon Confirms EC2/S3 Not PCI Level 1 Compliant

Posted by timothy on Sunday August 16, 2009 @06:31PM from the division-of-resources dept.

Jason writes "After months of digging though speculation and polar opposite opinions from PCI experts, I finally sent a direct request to Amazon's AWS sales team asking if they are in fact PCI compliant and will provide documentation attesting that they are as is required by PCI guidlines. I fully expecting them to dodge the question and refer me to a QSA, but to my relief, they replied with a refreshingly honest and absolute confirmation that it is currently impossible to meet PCI level 1 compliance using AWS services for card data storage. They also very strong suggest that cardnumbers never be stored on EC2 or S3 as those services are inherently noncompliant. For now at least, the official verdict is if you need to process credit cards, the Amazon cloud platform is off the table."

1 of 157 comments (clear)

Min score:

Reason:

Sort:

Re:Good thing... by Anonymous Coward · 2009-08-16 18:56 · Score: 0, Offtopic

They admit the EC2/S3 isn't PCI compliant, so that probably rules out AGP, but that doesn't necessarily imply that they're not PCI-X or PCI Express. Personally I hope they'll release a PCIe x16 version. :)
p.s. Why is this crap on the front page?