Alibaba Cloud, the digital technology and intelligence backbone of Alibaba Group, announced it has secured the globally recognized Payment Card Industry Three-Domain Secure (PCI 3DS) compliance for all of its seven availability zones in Singapore, Malaysia and Indonesia. The PCI 3DS standard was established by the Payment Card Industry Security Standards Council – a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide. This latest attestation further strengthens Alibaba Cloud’s support for the burgeoning fintech industry in Southeast Asia.
The PCI 3DS is a core security standard which provides a framework to manage the secure exchange of data between merchants, card issuers and cardholders, especially for card-not-present (CNP) transactions. The rigorous attestation process is aimed at better preventing fraudulent settlements, unauthorized authentications and falsified identity verifications at any point in the online transaction process.
It is projected that by 2025, 84% of urban consumers in Southeast Asia will be using digital wallets.[1]
In Singapore, shoppers pay for 75% of all online purchases using cards and digital payments. Similarly, in the fast-growing digital economy of Indonesia, cards are the preferred payment method for online purchases, making up 34% of transactions. In Malaysia, 40% of consumers say that they are using e-wallets more than they did pre-lockdown. Philippine central bank Bangko Sentral ng Pilipinas (BSP) has also forecasted the share of digital transactions to reach at least 50% by 2023 in the Philippines. The millions of online transactions processed each day is translating to a growing security challenge for financial services and fintech players industry.
Alibaba Cloud’s move to expand its security and compliance footprint is more important than ever and demonstrates its commitment to drive the next phase of growth in the digital economy era. Its PCI 3DS attestation of compliance was granted by atsec, an independent global information security assessment and evaluation company.
“Companies managing online financial transactions often seek PCI 3DS compliance to better ensure data security. We are glad more technology providers like Alibaba Cloud are making the extra effort to obtain PCI 3DS compliance proactively and bake in the best practices right into a cloud-based, secure data environment. After the comprehensive audit and onsite security assessment conducted by atsec, Alibaba Cloud can better and more directly support customers and ultimately the peace of mind for consumers and merchants,” said Yan Liu, Principal Consultant, PCI 3DS assessor, atsec.
“Economies in Southeast Asia continue to grow rapidly. This region also has a strong affinity for online payments, especially through e-commerce. Getting our services and solutions certified with this best-in-class accreditation for card-based payments means we can better support companies managing online transactions by ensuring security and preventing fraud,” said Selina Yuan, President for International Business, Alibaba Cloud Intelligence.
In Singapore, besides PCI 3DS, Alibaba Cloud is also the first cloud service provider certified by Infocomm Media Development Authority (IMDA) under the Data Protection Trustmark (DPTM), which demonstrates the company’s sound and accountable data protection practices in accordance with Personal Data Protection Act (PDPA). Alibaba Cloud has also achieved Multi-Tier Cloud Security (MTCS) Level-3 certification, and is also one of the first cloud providers to secure the Outsourced Service Providers Audit Report (OSPAR) attestation by the Association of Banks in Singapore (ABS).
In Indonesia, Alibaba Cloud is certified for compliance with the ISO 27001 information security management accreditation from Komite Akreditasi Nasional (KAN), the national accreditation body of Indonesia.
In Malaysia, Alibaba Cloud also complies with the Personal Data Protection Act (PDPA) 2010, regulating the personal information protection, by the Department of Personal Data Protection (JPDP) under the Ministry of Communications and Multimedia.
In the Philippines, Alibaba Cloud’s fintech services are in accordance with guidelines issued by the Bangko Sentral ng Philipinas’s (BSP), according to an independent audit report recently conducted by a global audit firm.
Globally, Alibaba Cloud has secured more than 80 security and data management accreditations worldwide.