Google Cloud Platform meets the requirements for PCI DSS

What is PCI DSS?

The Payment Card Industry (PCI) Security Standards Council was established by the major credit card companies as a separate global organization to define appropriate practices that merchants and service providers should follow to protect payment cardholder data. The PCI Security Standards Council created the PCI Data Security Standard (DSS) to define a global information security standard for protection of payment cardholder data.

Google Cloud Platform and PCI DSS

The following Google Cloud Platform services have been reviewed by an independent Qualified Security Assessor and determined to be PCI DSS 3.1 compliant:

This means that these Google Cloud Platform services provide an infrastructure upon which customers may build their own service or application which stores, processes, or transmits payment cardholder data. The services specified above have been reviewed for PCI requirements and are PCI DSS 3.1 compliant. Customers are responsible to ensure their applications are PCI Compliant, but they can rely on Google’s compliance for the infrastructure components we are providing. This is a shared responsibility between Google and its customers. Learn more about this shared responsibility


Answers to your frequently asked questions

View the FAQ

Security Whitepaper

Read more about Google’s approach to security

View the whitepaper

Contact us

Talk with a Cloud Platform team member about security

Contact us