PCI DSS Responsibility Matrix | Oracle B2C Service

Expand

Collapse

My Service Notifications

Advanced SearchOpens new dialog

Enter plus (+) or minus (-) signs in search terms to make a word required or excluded
Search Tips

Search terms

Screen Reader users press enter to select a Filter by product. Filter by product

Screen Reader users press enter to select a Filter by category. Filter by category

Sort by Direction

PCI DSS Responsibility Matrix

Answer ID 8758 | Last Review Date 08/14/2023

Who is responsible for each of the Payment Card Industry Data Security Standards (PCI DSS) controls?

Environment:

PCI pods (Includes US Federal Government pods)

Resolution:

Oracle and its B2C Service customers have shared responsibility in ensuring their Oracle B2C Service implementation meets the Payment Card Industry Data Security Standards (PCI DSS) V3.2.1 (until March 2024) and V4.0 controls. While the PCI DSS covers all forms of credit card processing, not all parts may apply to your business model and usage of B2C Service.

While Oracle B2C Service is assessed annually for complying with the PCI DSS controls, the assessment covers the environment as your Cloud Service Provider and the software as delivered “out of the box”. Customers have opportunities to extend and customize the solution to their business needs, but those customizations are not covered by the annual Oracle PCI assessment. For customizations you make, they need to be reviewed prior to being moved into your production site. If you want to discuss a new customization, please contact your Technical Account Manager. To help clarify the roles and responsibilities for performing tasks related to PCI DSS controls, we are providing the attached Ownership Matrices (see below).

For more information, see the following resources:

PCI (PC Pod) Frequently Asked Questions

Guidance for Implementing in PCI or HIPAA Service Cloud Environment.

File Attachment