Yugabyte Achieves PCI DSS Level 1 Compliance, Validating Secure and Scalable Distributed PostgreSQL for Financial Institutes

Maurice Olsen


Yugabyte, the distributed PostgreSQL database company for cloud native applications, today announced that it successfully achieved PCI DSS compliance, becoming a PCI DSS Level 1 Service Provider for the fully-managed DBaaS offering of YugabyteDB. The certification paves the way for fintechs and financial institutions to accelerate their database modernization initiatives with YugabyteDB.

The Payment Card Industry Data Security Standard (PCI DSS) is the most prevalent industry-recognized security standard related to the storage, transmission, and processing of cardholder data. It is designed to enhance the security of cardholder data and reduce the risk of data breaches, protecting consumers and businesses from financial fraud. Yugabyte achieved Level 1, the highest level of PCI DSS certification, reaffirming its commitment to helping financial institutions seamlessly process unlimited transactions and credit card data.

“In today’s digital age, protecting sensitive financial data is non-negotiable. The Payment Card Industry Data Security Standard serves as the industry’s gold standard for safeguarding cardholder information, ensuring robust security measures are in place throughout the entire payment processing ecosystem,” said Jay Duraisamy, SVP Technology, Data & Analytics at Fiserv. “Achieving PCI DSS certification demonstrates a vendor’s unwavering commitment to data security, building trust with customers and partners alike.”

To achieve Level 1 compliance, YugabyteDB’s security controls were tested by an independent Qualified Security Assessor (QSA). The assessment included a review of YugabyteDB’s technical controls as well as company policies and procedures. The independent QSA deemed that Yugabyte’s information security program was in compliance with all applicable PCI DSS requirements.

“Reaching PCI DSS Level 1 compliance is a testament to Yugabyte’s dedication to delivering secure, enterprise-ready solutions for financial institutions, fintechs, and their end customers,” said Sawyer Miller, Director of Audit & Implementation Practice at risk3sixty. “By following the thorough security standards of PCI DSS, Yugabyte is well positioned to continue leading the way for users to build applications on a modern database that delivers security, reliability and the utmost protection of customers’ sensitive data.”

The PCI DSS compliance applies to Yugabyte’s high-security offering of YugabyteDB Managed, the fully-managed version of YugabyteDB hosted and managed by Yugabyte. Users of the self-managed or open source versions of YugabyteDB can deploy a PCI-compliant solution by meeting the necessary requirements around infrastructure security and deployment.

“We are excited to add PCI DSS compliance for our fully-managed YugabyteDB offering to our existing portfolio of security certifications and attestations,” said Maurice Olsen, Sr. Director of Security & Compliance, Yugabyte. “Achieving PCI DSS compliance is a testament to our commitment to securing sensitive cardholder information and building a foundation of trust with our stakeholders.”