Welcome Amazon, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, Amazon Principal Industry Specialist, Balaji Palanisamy, introduces us to his company and how they are helping to shape the future of payment security.
Tell us about your company.
Amazon Web Services (AWS) is guided by customer obsession, pace of innovation, commitment to operational excellence, and long-term thinking. By democratizing technology for nearly two decades and making cloud computing and generative AI accessible to organizations of every size and industry, AWS has built one of the fastest-growing enterprise technology businesses in history. Millions of customers trust AWS to accelerate innovation, transform their businesses, and shape the future. With the most comprehensive AI capabilities and global infrastructure footprint, AWS empowers builders to turn big ideas into reality.
Why did your company decide to become a Principal Participating Organization?
At AWS, we're committed to helping our customers build secure, compliant payment applications. Many of our customers rely on multiple PCI-validated AWS services to process payments. Those needing advanced payment cryptography capabilities rely on AWS CloudHSM (PCI PIN validated) or AWS Payment Cryptography (PCI PIN and P2PE validated).
Becoming a PPO allows us to represent our customers' voices in the standards development process. Through participation in groups such as the Technology Guidance Group, we can share insights about cloud environments and real-world customer use cases before standards are finalized.
Which benefits are you most looking forward to as a Principal Participating Organization?
We’re most excited about the opportunity to actively represent our customers in the Technology Guidance Group (TGG). This forum allows us to provide meaningful input on behalf of the thousands of customers who build payment solutions on AWS.
Additionally, participation in Principal PO-only events and Special Interest Groups (SIGs) gives us valuable insights into emerging payment security challenges and industry perspectives. The training opportunities help our teams stay current with the latest developments in payment security standards, which ultimately benefit our customers through better service design and guidance.
Why is it important for companies to get more involved with the PCI Security Standards Council, especially at the Principal Participating Organization level?
PPO membership provides a unique opportunity to shape payment security standards rather than simply react to them. Through early access to draft standards and participation in technical oversight, companies can plan proactively for compliance requirements. For AWS, this means we can better prepare our payment services, including Amazon Pay and AWS Payment Cryptography, to meet evolving standards. But beyond our own services, PPO membership demonstrates a long-term commitment to the payment security community. It's about working together in partnership to advance payment security for everyone. When more companies engage at the Principal level, the standards benefit from diverse perspectives across different technologies, geographies, and use cases. This collaborative approach leads to more robust, practical standards that work in the real world.
What are some payment security topics that you’re interested in collaborating on?
Cloud-native payment security: As more organizations move payment workloads to the cloud, we want to help develop guidance that addresses cloud-specific architectures while maintaining strong security controls.
Cryptographic key management: With the evolution of cryptographic standards and the increasing complexity of key management in distributed environments, there's an opportunity to share best practices and develop practical guidance.
Emerging payment methods: We're interested in helping ensure security standards keep pace with innovation to support our customers, and innovate payment technologies, from contactless to digital wallets to new authentication methods.
Automation and DevSecOps: We'd like to explore how organizations can maintain PCI compliance while adopting modern development practices like continuous integration and deployment.
These topics reflect the challenges we hear from our customers every day, and we believe collaborative work in these areas will benefit the entire payment security community.
