Steps towards a PCI DSS certified infrastructure offer
The PCI DSS (Payment Card Industry Data Security Standard), issued by the PCI Security Standards Council, enables providers who handle confidential payment card data to assure banks and customers of their compliance with specific data security standards.
Since the implementation of its online payment service back in 2009, the group has continuously applied and improved physical and software security procedures. All of OVH's technical, organisational and human control points were audited by the QSA (Qualified Security Assessor) company Hervé Schauer Consultants (HSC by Deloitte since January 2015), and, as a result, are now certified as compliant with the PCI DSS.
This certification assures our customers that our environment is fully compliant with the PCI DSS and will be updated very frequently to remain compliant", explained Bertrand Hudzia, CIO of the group. "Today any customers who make payments on our websites are officially safeguarded by high-level security."
This recognition is an important milestone for the group, whose next step is to gain the PCI DSS certification for its Dedicated Cloud infrastructure for the benefit of its customers and their customers. The main beneficiaries will be online merchants with a cloud-based infrastructure. If these merchants install their own payment application on a PCI DSS certified OVH platform, for example, some of their control points will already be validated by the group. As a result, they will be able to gain PCI DSS accreditation for themselves more quickly. Lastly, the customers of online merchants will also benefit from secure online transactions."