If your application needs to process, store, or transmit credit card data, you are probably familiar with the Payment Card Industry Data Security Standard, otherwise known as PCI DSS. This standard specifies best practices and security controls needed to keep credit card data safe and secure during transit, processing, and storage. Among other things, it requires organizations to build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong security measures, test and monitor networks on a regular basis, and to maintain an information security policy.
According to Amazon they have received PCI DSS certification for version 2 from their QSA. Interestingly, their cloud and storage services. For many executives this will answer the question on whether cloud services can pass the PCI DSS specification.