In the current healthcare environment, more customers than ever are shopping from home, and businesses are responding by rapidly deploying cloud-based e-commerce solutions. Azure supports these companies in meeting their customers’ requirements with robust, adaptable and scalable e-commerce solutions that process transactions quickly and securely.
Security is of the utmost importance for both e-commerce providers and customers. We’re always working to make Azure as secure as possible.
Today we announce that Azure is one of the first hyperscale cloud service providers to receive Payment Card Industry Three-Domain Secure (PCI 3DS) certification.
Azure commissioned a qualified 3DS assessor company to evaluate the PCI 3-D Secure Environment (3DE) of Azure according to the PCI 3DS Core Security Standard. The PCI 3DS Core Security Standard provides a framework for implementing security controls that support the integrity and confidentiality of card-less transactions using the EMV 3-D Secure (3DS) messaging protocol. EMV 3DS provides an additional layer of security for card-less transactions by allowing cardholders to authenticate with their card issuers before making online transactions.
The Azure cloud platform offers various products that customers can use to support their own PCI 3DS payment solutions. Although the Azure cloud platform does not manage 3DS domains or their functions, Azure customers can implement their own 3-D Secure Environment (3DE) on the Azure cloud platform using Azure's PCI 3DS certification and pursue their own PCI 3DS certification.
Azure’s PCI 3DS certification offers great news for customers looking to build more secure e-commerce solutions while complying with the PCI 3DS Core Security Standard.
Customers can download the Azure PCI 3DS 1.0 package, which contains all of the information required to take advantage of Azure’s PCI 3DS certification, including the following documents:
• Azure PCI 3DS Shared Responsibility Matrix
• Azure PCI 3DS white paper
• Azure PCI 3DS Certificate of Conformity
Azure PCI 3DS Shared Responsibility Matrix
The shared responsibility matrix for Azure PCI 3DS describes the scope of the Azure PCI 3DS assessment and illustrates the PCI 3DS compliance responsibilities of Azure and its customers. It is intended to be used by Azure customers and their compliance advisors to understand the scope of the Azure PCI 3DS assessment and what responsibilities are expected of them when using Azure services as part of the customer’s 3DE.
Understanding the shared responsibility for implementing security controls in a cloud environment is critical for customers building systems and using services in Azure. The Azure PCI 3DS shared responsibility matrix supports Azure customers in implementing and documenting security controls for an Azure-based system by clearly defining who is responsible for each individual PCI 3DS requirement. Implementing a particular security control may be the responsibility of Azure, the responsibility of Azure customers, or a shared responsibility between Azure and its customers.
Azure PCI 3DS white paper
Our new white paper on the Microsoft Azure cloud platform for PCI 3DS provides Azure PCI 3DS customers with guidance on the PCI 3DS Core Security Standard and how to use Azure 3DE to implement a 3DE on the Azure cloud platform. The paper was produced on behalf of Microsoft Azure by Coalfire Systems, who conducted assessment activities such as document reviews, employee interviews, and data center walkthroughs to validate Azure 3DE against the PCI 3DS Core Security Standard 1.0. This document also examines the relationship between the PCI Data Security Standard (PCI DSS) and the 3DS Core Security Standard and defines the responsibilities that Azure and its customers share in meeting the requirements of the PCI 3DS Core Security Standard.
Azure PCI 3DS Certificate of Conformity
Azure’s PCI 3DS Attestation of Compliance (AoC) provides evidence that Azure complies with the PCI 3DS Core Security Standard, based on an assessment made by a qualified 3DS auditor, and is accessible from the Service Trust Portal. Azure’s PCI 3DS AoC was released on January 29, 2021.
Notes on PCI 3DS deployment in Azure
Customers should note that different cloud service models affect the division of responsibilities between Azure and its customers. Azure does not directly perform the functions of a 3DS Server (3DSS), 3DS Directory Server (DS), or 3DS Access Control Server (ACS), and Azure customers can host their own 3DS environment on Azure using the services offered. It is the customer’s responsibility to assess and understand their full responsibility for implementing security controls and to ensure that security controls are implemented in accordance with their compliance obligations.
A 3DS company can outsource the hosting and management of its HSM (Hardware Security Module) infrastructure to a third party if the relevant requirements are met. Entities that perform 3DS functions and use the Azure environment to host their 3DE are still subject to the PCI 3DS Core Security Standard and must have their environment audited for any applicable requirements.
Microsoft continues to lead the way in e-commerce solutions to harness the power of the cloud. Our e-commerce platform allows you to analyze website traffic and conversion rates for browsing and buying in order to define special offers and new products based on customer behavior. Create personalized shopping experiences with targeted content and offers and increase satisfaction through continuous engagement – before, after and at the point of sale. As demand for your product or service increases – predictably or unpredictably – you should be prepared to automatically handle more customers and more transactions.