A PCI PIN Attestation of Compliance published by Amazon Web Services shows that AWS Payment Cryptography was validated against the PCI PIN standard with zero findings and that an updated compliance package is now accessible through the AWS compliance portal.
KEY FACTS
- Update Updated PCI PIN compliance package published
- Audit result Qualified Security Assessor validation with zero findings
- Deliverables Attestation of Compliance and a PCI PIN Responsibility Summary
- Assessor Coalfire
The package contains two primary deliverables. One is a PCI PIN Attestation of Compliance that documents validation by a Qualified Security Assessor with zero findings. The other is a PCI PIN Responsibility Summary that outlines customer obligations for operating systems that handle PIN transactions.
The independent audit was performed by an assessor recognized by the PCI Security Standards Council. The updated materials are posted to the service compliance portal for customer review.
The service is a managed cloud offering for payment cryptographic operations and key management that aligns with PCI PIN, PCI Point to Point Encryption, and PCI DSS standards. It is intended to support card issuance, transaction processing, and PIN validation in cloud native environments.
The platform uses hardware security modules certified to Payment Card Industry PTS HSM requirements. The Responsibility Summary provides guidance on customer responsibilities when running payment applications on the platform.
WHY IT MATTERS
The attestation documents validation status and clarifies customer responsibilities for operating systems that handle PIN data. Organizations can use the package to assess deployment and compliance obligations when using the service.