Amazon Confirms EC2/S3 Not PCI Level 1 Compliant

Amazon Confirms EC2/S3 Not PCI Level 1 Compliant 157

Posted by timothy on Monday August 17, 2009 @02:31AM from the division-of-resources dept.

Jason writes "After months of digging though speculation and polar opposite opinions from PCI experts, I finally sent a direct request to Amazon's AWS sales team asking if they are in fact PCI compliant and will provide documentation attesting that they are as is required by PCI guidlines. I fully expecting them to dodge the question and refer me to a QSA, but to my relief, they replied with a refreshingly honest and absolute confirmation that it is currently impossible to meet PCI level 1 compliance using AWS services for card data storage. They also very strong suggest that cardnumbers never be stored on EC2 or S3 as those services are inherently noncompliant. For now at least, the official verdict is if you need to process credit cards, the Amazon cloud platform is off the table."

Amazon Confirms EC2/S3 Not PCI Level 1 Compliant

This discussion has been archived. No new comments can be posted.

Search 157 Comments Log In/Create an Account

Comments Filter:

Good thing... (Score:5, Funny)

by Anonymous Coward writes: on Monday August 17, 2009 @02:38AM (#29088937)

I'm glad this was posted to slashdot. Now I know not to buy the EC2 or S3 cards for my machine. I mean, if they're not PCI compliant, I'm going to guarantee they don't have FOSS linux kernel drivers. The PCI spec is so old anyway. Any word on when Amazon will make new boards compliant to PCIE with FOSS drivers? Someone who knows, please post a reply.

Consideration (Score:5, Funny)

by jasomill ( 186436 ) writes: on Monday August 17, 2009 @02:47AM (#29088975)

After months of digging though speculation and polar opposite opinions from PCI experts, I finally sent a direct request to Amazon's AWS sales team asking if they are in fact PCI compliant

It's awfully considerate of you to invest large amounts of effort in research to avoid bothering the sales team with, you know, sales inquiries.

Who would have tought? (Score:5, Funny)

by netpixie ( 155816 ) writes: on Monday August 17, 2009 @02:49AM (#29088981) Homepage

It sounds like they really are behind the times. I mean, not even PCI compliant, I'd have expected at least AGP or PCI-X as a bare minimum.
Mind you, I wonder if this is an old story as I'm fairly sure S3 stopped making video cards many years ago.
On another point, I too have often turned to the Queensland Swimming Association for all of my questions about All Women Shortlists, I find they are very knowledgeable.

Re:well, duh... (Score:2, Funny)

by Opportunist ( 166417 ) writes: on Monday August 17, 2009 @03:00AM (#29089025)

Cue PHB: "Respect for what? Does that bring money?"

Re:Who would have tought? (Score:5, Funny)

by ubernostrum ( 219442 ) writes: on Monday August 17, 2009 @03:53AM (#29089191) Homepage

I once experimented with producing summaries that people like you might appreciate [reddit.com]. Turns out they don't work so well.

Re:Good thing... (Score:3, Funny)

by will_die ( 586523 ) writes: on Monday August 17, 2009 @06:35AM (#29089725) Homepage

Maybe to the young whippersnappers to the true ancient geeks it will always be the Protocol Control Indicator.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Amazon Confirms EC2/S3 Not PCI Level 1 Compliant 157

Amazon Confirms EC2/S3 Not PCI Level 1 Compliant More Login

Amazon Confirms EC2/S3 Not PCI Level 1 Compliant

Good thing... (Score:5, Funny)

Consideration (Score:5, Funny)

Who would have tought? (Score:5, Funny)

Re:well, duh... (Score:2, Funny)

Re:Who would have tought? (Score:5, Funny)

Re:Good thing... (Score:3, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot