11436 SSO

PCI Compliance: Protect Your and Your Customers' Data

Apigee Product Team
Sep 30, 2013

With media reports of hacker incidences, stolen credit card numbers, and identity theft, consumers are understandably concerned about information security. We want absolute assurance from businesses that our credit card numbers and other personal information is secure.

Payment Card Industry’s Data Security Standard (PCI DSS) defines the standard for securing cardholder data, wherever it is located. Compliance is required of all entities storing, processing, or transmitting cardholder data. But PCI compliance isn't just about satisfying a list of guidelines - it's a way to protect a business and its customers' data from outside attacks. 

Apigee has had customers across indistries including healthcare, retail, travel and entertainment running in our PCI compliant cloud since 2011. We recently successfully completed an annual audit and PCI recertification verifying that we continue to meet the Credit Card industry requirements for information security. What does this mean for our customers?

With Apigee, businesses can continue to easily tap the vast, affordable compute resources of “the cloud” to support their transactional API traffic with the confidence that all sensitive customer data remains protected. In addition to helping build and support scalable, secure PCI-compliant APIs Apigee helps with the processes and the security measures to protect cardholder information:

  • Apigee provides a hosted solution that enables PCI compliance

  • Apigee technology contributes to defense in depth, protects backend systems, and strengthens network security

  • The Apigee platform provides a central location for logging, policies, and security, which helps with auditing and attestations

  • The platform can perform data masking to log transactions without storing any sensitive information


Scaling Microservices