Alibaba Cloud, the digital technology and intelligence backbone of Alibaba Group has secured the globally recognized Payment Card Industry Three-Domain Secure (PCI 3DS) compliance for all of its seven availability zones in Singapore, Malaysia, and Indonesia.

The PCI 3DS standard was established by the Payment Card Industry Security Standards Council, a global forum that brings together payments industry stakeholders to develop and drive the adoption of data security standards and resources for safe payments worldwide. This latest attestation further strengthens Alibaba Cloud’s support for the burgeoning fintech industry in Southeast Asia.

The PCI 3DS is a core security standard that provides a framework to manage the secure exchange of data among merchants, card issuers, and cardholders, especially for card-not-present (CNP) transactions. The rigorous attestation process is aimed at better preventing fraudulent settlements, unauthorized authentications, and falsified identity verifications at any point in the online transaction process.

Alibaba Cloud enhances ecosystem strategy in PH to serve SMEs

Alibaba Cloud report shows more PH businesses turn to cloud for growth

“Economies in Southeast Asia continue to grow rapidly,” said Selina Yuan, president for International Business, Alibaba Cloud Intelligence. “This region also has a strong affinity for online payments, especially through e-commerce. Getting our services and solutions certified with this best-in-class accreditation for card-based payments means we can better support companies managing online transactions by ensuring security and preventing fraud,”

Security compliance

In Singapore, shoppers pay for 75% of all online purchases using cards and digital payments. In Indonesia, cards are the preferred payment method for online purchases, making up 34% of transactions. In Malaysia, 40% of consumers say that they are using e-wallets more than they did pre-lockdown.

In the Philippines, the Bangko Sentral ng Pilipinas (BSP) has also forecasted the share of digital transactions to reach at least 50% by 2023. The millions of online transactions processed each day are translating to a growing security challenge for financial services and fintech players industry.

Alibaba Cloud’s move to expand its security and compliance footprint is more important than ever and demonstrates its commitment to driving the next phase of growth in the digital economy era. Its PCI 3DS attestation of compliance was granted by atsec, an independent global information security assessment and evaluation company.

PCI 3DS

“Companies managing online financial transactions often seek PCI 3DS compliance to better ensure data security,” said Yan Liu, Principal Consultant, PCI 3DS assessor, atsec. “We are glad more technology providers like Alibaba Cloud are making the extra effort to obtain PCI 3DS compliance proactively and infuse the best practices right into a cloud-based, secure data environment. After the comprehensive audit and onsite security assessment conducted by atsec, Alibaba Cloud can better and more directly support customers and ultimately the peace of mind for consumers and merchants,”

In Singapore, besides PCI 3DS, Alibaba Cloud is also the first cloud service provider certified by Infocomm Media Development Authority (IMDA) under the Data Protection Trustmark (DPTM), which demonstrates the company’s sound and accountable data protection practices in accordance with Personal Data Protection Act (PDPA). Alibaba Cloud has also achieved Multi-Tier Cloud Security (MTCS) Level-3 certification, and is also one of the first cloud providers to secure the Outsourced Service Providers Audit Report (OSPAR) attestation by the Association of Banks in Singapore (ABS).

In Indonesia, Alibaba Cloud is certified for compliance with the ISO 27001 information security management accreditation from Komite Akreditasi Nasional (KAN), the national accreditation body of Indonesia.

In Malaysia, Alibaba Cloud also complies with the Personal Data Protection Act (PDPA) 2010, regulating personal information protection, by the Department of Personal Data Protection (JPDP) under the Ministry of Communications and Multimedia.