Payment Card Industry Data Security Standard (PCI DSS) compliance is a requirement for any business that stores, processes, or transmits payment card data. Developed by the major credit card companies, the PCI DSS defines measures for ensuring data protection and consistent security processes and procedures around online financial transactions. Businesses that fail to maintain PCI DSS compliance are subject to steep fines and penalties.

PCI DSS Compliance Mandates

As formulated by the PCI Security Standards Council, the mandates of PCI DSS compliance include:

  • Developing and maintaining a security policy that covers all aspects of the business
  • Installing firewalls to protect data
  • Encrypting cardholder data that is transmitted over public networks
  • Using anti-virus software and updating it regularly
  • Establishing strong passwords and other cyber security protocols
  • Enforcing rigid access controls and monitoring access to account data

For large merchants that conduct high volumes of online financial transactions, PCI DSS compliance is enforced by annual validations performed by an independent Qualified Security Assessor (QSA).

For PCI compliance, Akamai performs a quarterly third-party external penetration test of the Secure CDN. Results of these quarterly penetration tests, along with compliance documentation and/or certification, are available to customers under NDA.

The Attestation of Compliance (AoC) serves as evidence for our customers that Akamai's Secure CDN is compliant with the PCI DSS v. 3.2.1 security standard. This AoC is effective as of June 27, 2019 and is located here. The Responsibility Matrix is also available here.