PCI DSS
The PCI DSS ensures that organizations that accept or process payment transactions incorporate a set of operational and technical requirements that help protect the safety of that data. The framework aims to prevent payment data security breaches and fraud in entities that possess cardholder data (CHD). This encompasses software developers and manufacturers of applications and devices used in those transactions.
How does it take form in Cloud Computing
The Payment Card Industry Data Security Standard (PCI DSS) provides a detailed, 12-requirement structure for securing cardholder data that is stored, processed and/or transmitted by merchants and other organizations.
| Goals | Requirement | Controls |
|---|---|---|
| Build and Maintain a Secure Network and Systems | 1. Install and maintain a firewall configuration to protect cardholder data | 19 |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters | 10 |
| Protect Cardholder Data | 3. Protect stored cardholder data | 19 |
| | 4. Encrypt transmission of cardholder data across open, public networks | 3 |
| Maintain a Vulnerability Management Program | 5. Protect all systems against malware and regularly update anti-virus software or programs | 5 |
| | 6. Develop and maintain secure systems and applications | 25 |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need to know | 8 |
| | 8. Identify and authenticate access to system components | 21 |
| | 9. Restrict physical access to cardholder data | 20 |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data | 28 |
| | 11. Regularly test security systems and processes | 12 |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security for all personnel | 34 |
System components include network devices (both wired and wireless), servers and applications. Within PCI DSS, virtualization components are a subset of system components and comprise VMs, virtual switches/routers, appliances, applications/desktops, and hypervisors.
Even if a cloud service provider environment is vetted for certain PCI DSS requirements, this validation does not automatically apply to the customer environments within that cloud service.
Is Tata Communications PCI-DSS Compliant?
Tata Communications Ltd. (TCL) is a service provider focusing on Infrastructure as a Service (IaaS), where the hardware and network infrastructure is assessed.
TCL does not directly store, transmit or process any cardholder data (CHD) or sensitive authentication data (SAD). However, its customers may set up their own data environment, with the required tools and configuration to store, transmit or process cardholder data, and that environment can be considered a cardholder data environment (CDE).
The processing, transmission, storage and protection of customers' data, including CHD, is not the responsibility of the entity: the entity has no authorization to access its customers' premises, nor does it provide the tools customers require to meet PCI DSS compliance.
The following services are covered as part of the infrastructure environment:
| NTP | AV | VPN | SysLog |
| Monitoring | DHCP | DNS | FIM |
| AD | Patch Management | VCenter | Proxy |
ABOUT PCI DSS
The Payment Card Industry Security Standards Council is a global open body founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
Frequently asked questions
What is PCI DSS compliance?
PCI DSS compliance refers to meeting the global Payment Card Industry Data Security Standard, which protects cardholder data during storage, processing, and transmission. It ensures organisations handling payment transactions follow strict security controls to prevent breaches and fraud, helping businesses maintain trust and safeguard sensitive financial information.
What are the key requirements of PCI DSS for secure payment processing?
- Maintain secure firewalls and configurations
- Never use vendor-supplied default passwords
- Protect stored cardholder data
- Encrypt cardholder data during transmission
- Use and update anti-virus protections
- Develop and maintain secure applications
- Restrict access based on business need
- Ensure unique IDs for system access
How does Tata Communications’ Vayu Cloud provide PCI DSS certified cloud solutions?
Tata Communications offers a PCI DSS-compliant cloud infrastructure where the underlying hardware, network, and platform components follow PCI DSS controls. While we do not store or process cardholder data ourselves, our Vayu Cloud environment provides secure infrastructure, covering VPN, monitoring, DNS, patching, logging, and firewalls, enabling customers to build PCI DSS-ready environments.
What is required for PCI DSS compliance?
- Implement all 12 PCI DSS security requirements
- Protect cardholder data with encryption and secure storage
- Control and limit access to sensitive information
- Maintain up-to-date systems and malware defences
- Monitor, log, and audit network activity
- Conduct regular vulnerability scans and penetration tests
- Enforce strong policies and staff awareness training
What benefits do businesses gain from using Tata Communications’ PCI DSS-compliant cloud solutions?
- Secure infrastructure aligned with PCI DSS compliance
- Reduced risk of data breaches and fraud
- Increased customer trust in payment security
- Support for building PCI-ready cardholder data environments
- Scalable and reliable PCI DSS-compliant cloud architecture
- Strong monitoring, logging, and network protection tools
Disclaimer: IZO™ Cloud is now Tata Communications Vayu Cloud. TATA COMMUNICATIONS VAYU branded services are available in India only.