Organisations concerned about payment fraud can now securely store their customers’ financial details in the UK after Microsoft was told its data centres in the country met crucial, global guidelines.
The company’s sites in the UK have been cleared to store, process and move data about credit card holders, allowing Azure customers to hold this information closer to their businesses.
Microsoft runs more than 100 data centres globally, holding over 30 trillion pieces of data. They are backed by billions of dollars in investment to ensure they offer the highest levels of security to the growing number of firms who are choosing to store a range of information in the cloud, including financial.
Payment fraud continues to be a huge concern for many organisations that accept credit cards.
According to Financial Fraud Action UK (FFA), fraud losses on UK-issued cards totalled £567.5 million in 2015 – the latest year for which figures are available – an 18% increase on 2014 and the fourth consecutive year of increase. Overall card fraud losses as a proportion of the amount spent on cards rose from 7.5p per £100 spent in 2014 to 8.3p per £100 in 2015.
“These trends owe much to the use of deception crimes, as well as the use of online attacks, such as malware and data hacks, to compromise card details,” the FFA said.
Microsoft’s announcement today means Windows Azure in UK data centres is compliant with the Payment Card Industry (PCI) Data Security Standards (DSS), as judged by an independent Qualified Security Assessor. As a result, Azure customers can now use Microsoft’s sites in the UK to run their own secure applications that feature financial information.
The PCI feature is also available as part of Azure Resource Manager, which allows customers to save time by completing cloud tasks in groups as part of a template, rather than individually. Microsoft has reminded customers using this solution that they are responsible for conducting security and compliance reviews, as their requirements could vary based on implementation and geography. PCI-DSS also requires that an accredited qualified security assessor certify the customer’s solution.
Graham Hill, Director of UK Commercial Markets Strategy Group at Microsoft, said: “Security is the top priority for Microsoft and its customers using the cloud, which is why today’s news that PCI-DSS is available in our UK data centres is such an important milestone. This new feature joins a range of solutions that help our customers store, manage and access their data quickly, securely and reliably.”
Data Movement has also been launched in UK data centres, allowing users to automate the movement and transformation of data from various sources. It’s a feature of Azure Data Factory, which does not store any data itself but lets you copy data from a cloud data source to an Azure store located in the UK.
Azure On Gov Connectivity
PCI-DSS and Data Factory come after Microsoft unveiled an Azure feature that slashes the time it takes for public sector organisations to get up and running from weeks to just hours. The blueprint makes it clear that customers joining Microsoft’s cloud service are abiding by the cloud security principles laid out by the UK government’s National Cyber Security Centre.
Other Azure features unveiled recently include Azure Search, which lets people search for online content in 56 languages; Azure Automation saves time and increases the reliability of administration tasks that have to be completed; Azure Security Centre, which helps customers prevent, detect and respond to threats; Service Fabric, which lets developers focus on building features for their applications without needing to design and write additional code to deal with reliability, scalability or latency; and Azure Marketplace, an online store featuring thousands of certified and open source applications, developer services and data.
Microsoft opened its UK data centres in September last year. Since then, thousands of customers – including the Ministry of Defence, the Met Police, parts of the NHS and Capita – have signed up to take advantage of the sites, which offer UK data residency, security and reliability.