Google today announced that its Cloud Platform is now in compliance with the Payment Card Industry (PCI) Data Security Standards (DSS). This means developers can now hold, process and exchange credit card information from branded credit cards on Google’s cloud computing platform without running afoul of existing regulations.
Until now, Google advised its users that its cloud service wasn’t meant to process or store credit card information. It’s important to remember that just because Google is now compliant, developers can’t just suddenly store all of this information on Google’s servers. It does mean, however, that developers can now use Google’s platform to build their own compliant solutions.
Google’s reference customer for today’s news is WePay (which also today announced that it is using Google as its public cloud provider). “Google Cloud Platform will enable WePay to process our partners’ transactions in a fully scalable, highly available environment with robust security features,” said David Nye, the Director of DevOps at WePay, in a canned statement today. “The new PCI DSS certification that Google Cloud Platform has achieved enables WePay to dynamically grow our infrastructure as fast as our business and our partners’ businesses demand.”
It’s worth noting that Microsoft’s Azure is also PCI-compliant, as is Amazon Web Services.