PCI DSS Certification for financial data hosting

Payment card data requires especially high care and security, because it is sensitive data, and is often a target for fraudulent activity. PCI DSS (Payment Card Industry Data Security Standard) level 1 certification ensures that banking organisations and users of online services have a high level of security. Organisations that process this confidential data meet the specific security requirements defined by this certification. The framework is edited and maintained by the PCI Council, a professional group of payment card providers including Visa, Mastercard, American Express, JCB and Discovery. This security standard is one of the strictest in terms of confidential data protection.

Our PCI DSS-certified products

Our Hosted Private Cloud Premier solution has been PCI DSS 3.2 certified since 2015. Our datacentres in France, Canada, the UK, Germany and Poland hold this certification.

Optimal security

We have added further security measures to our PCI DSS-certified solutions. These include token validation for critical actions, access control lists (ACLs) for administration interfaces, specific reports on sensitive actions, and specific features for account management.

A simplified approach to compliance

With a PCI DSS-certified infrastructure, you can simplify the way you ensure compliance with security standards that are currently in force. OVHcloud will help you ensure compliance, and will provide you with the documents you need for PCI DSS certification.

Prices of our PCI DSS-certified products

| Packs | Price per month |
| --- | --- |
| PRE 48 (2 hosts each with 48 GB of RAM and 12 cores) | US$ 1,958.00 ex. GST/month |
| PRE 96 (2 hosts each with 96 GB of RAM and 12 cores) | US$ 2,594.00 ex. GST/month |
| PRE 192 (2 hosts each with 192 GB of RAM and 16 cores) | US$ 3,156.00 ex. GST/month |
| PRE 384 (2 hosts each with 384 GB of RAM and 32 cores) | US$ 4,840.00 ex. GST/month |
| PRE 768 (2 hosts each with 768 GB of RAM and 32 cores) | US$ 6,710.00 ex. GST/month |
| PRE vSAN 192 (3 hosts each with 192 GB of RAM and 40 cores) | US$ 7,234.00 ex. GST/month |
| PRE vSAN 384 (3 hosts each with 384 GB of RAM and 40 cores) | US$ 10,513.00 ex. GST/month |
| PRE vSAN 768 (3 hosts each with 768 GB of RAM and 40 cores) | US$ 15,427.00 ex. GST/month |

| Host | With PCI-DSS certification |
| --- | --- |
| PRE 48 | US$ 803.00 ex. GST/month |
| PRE 96 | US$ 1,121.00 ex. GST/month |
| PRE 192 | US$ 1,402.00 ex. GST/month |
| PRE 384 | US$ 2,244.00 ex. GST/month |
| PRE 768 | US$ 3,179.00 ex. GST/month |
| PRE vSAN 192 | US$ 2,294.00 ex. GST/month |
| PRE vSAN 384 | US$ 3,387.00 ex. GST/month |
| PRE vSAN 768 | US$ 5,025.00 ex. GST/month |

| Datastore | Price per hour | Price per month |
| --- | --- | --- |
| 3 TB | US$ 0.44 ex. GST/hour | US$ 156.00 ex. GST/month |
| 6 TB | US$ 0.89 ex. GST/hour | US$ 291.00 ex. GST/month |
| 9 TB | US$ 1.11 ex. GST/hour | US$ 403.00 ex. GST/month |
| 18 TB | US$ 2.23 ex. GST/hour | US$ 807.00 ex. GST/month |
| 36 TB | US$ 4.48 ex. GST/hour | US$ 1,605.00 ex. GST/month |

PCI DSS

What is the PCI DSS standard?

PCI DSS is a reference source for security requirements designed to ensure the confidentiality of bank cards and credit cards when used in IT systems. The reference source is edited and maintained by the PCI Council, a professional association of credit card companies that includes VISA, Mastercard, American Express, JCB and Discovery.

Every bank that issues cards to its customers holding bank accounts, or collects transactions for its merchant customers, is free to provide a contractual definition of the security requirements that its customers and partners must comply with. The PCI DSS standard defines a common security level that covers the vast majority of requirements. The PCI DSS standard has become a benchmark in electronic payment security, and compliance with this standard has become a systematic requirement for parties in online payment systems. Every party in the online payment system hosting chain holds a degree of responsibility in maintaining the platform's overall security. These obligations are contractually transferred from the card brands to all actors involved in the electronic payment platform.

The PCI DSS standard officially lists more than 250 controls and security features that need to be set up to process card numbers securely. These controls are divided into six groups:

  • Build and maintain a secure network and system
  • Protect card holders' data
  • Maintain a vulnerability management programme
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an Information Security Policy

How to be PCI DSS compliant

PCI DSS compliance applies to the entire electronic payment platform. The merchant achieves it by relying on the PCI DSS-compliant building blocks that belong to its service provider. This means that each party involved in the platform's use complies with the standard's requirements that are relevant to its activities, and demonstrates this compliance to its customers.

In the context of our PCI DSS payment infrastructure, OVHcloud is responsible for the infrastructure's security, whilst you remain responsible for the security of the virtual machines we host, the use of virtual network features, and the application layers deployed on your virtual machines. In this way, PCI DSS compliance is a joint effort to combine your software and system platform's security measures with those of the OVHcloud Hosted Private Cloud infrastructure.

PCI DSS compliance can be certified with an Attestation of Compliance (AoC), drawn up after a self-assessment questionnaire has been completed, or after an audit has been performed by one or several QSA (Qualified Security Assessor) companies.

Bringing your platform into compliance with the PCI DSS standard is a structured process whose characteristics and obligations depend on several factors:

  • The number of transactions completed annually
  • Type(s) of bank card(s) accepted
  • Acquiring bank(s)
  • Complexity of the electronic payment infrastructure

Becoming PCI DSS compliant involves approaching the parties concerned, to understand their precise expectations. OVHcloud recommends that you contact your acquiring bank and/or contact a QSA company to assist you with this process.

The OVHcloud platform undergoes annual audits by a QSA company. The audit documents are available for you to review, so that you can:

  • Understand which requirements are covered by our certification
  • Define the requirements you need to cover
  • Show your QSA that all of the applicable requirements are acknowledged by OVHcloud, and are PCI DSS-compliant

OVHcloud can also help you achieve compliance, through the support of its team of experts, as well as the supporting documentation it offers:

  • The creation of a PCI DSS responsibility assignment matrix
  • Special conditions detailing OVHcloud's responsibilities
  • A specifications template for performing the obligatory intrusion tests