AWS has released two new security services as part of its Payment Card Industry Data Security Standard (PCI DSS) certification.
Having published its Fall 2025 compliance package earlier this week, this update reinforces AWS’s commitment to ensuring secure, auditable, and regulator-ready infrastructure for customers that handle payment data.
This also allows customer enterprises to continue their focus on business enhancement without worrying about infrastructure risk.
The two new services – AWS Security Incident Response and AWS Transform – can only be used in line with PCI DSS requirements.
This update also includes further improvements to compliance and security expectations, ensuring AWS customers of their commitment to enforcing strong cybersecurity policies.
AWS Security Incident Response
As a managed security service, the AWS Security Incident Response enables enterprises to detect, prioritize, investigate, respond to, and recover from security alerts.
Previously, security alerts were received from multiple tools following a self-managed structure, resulting in limited detection and inconsistent investigation quality.
However, by introducing an integrated, managed layer that supports incident response, AWS customers gain a single, structured experience for handling security events.
This service also utilizes tools such as Amazon GuardDuty and AWS Security Hub throughout the process, reducing the number of unimportant alerts and highlighting only critical issues during a security investigation.
From a customer experience perspective, this service improves clarity during incidents, reduces response time, and delivers consistent security handling at scale.
In doing so, the tool enables customers to shift from manual, fragmented responses to secure, expert-heavy ones.
AWS Transform
This is AWS’s first service that utilizes agentic AI to help enterprises modernize their legacy systems and workloads.
This includes migrating traditional mainframes, VMware systems, and Windows/.NET applications, and transforming information into code, databases, and infrastructure without manual work.
This service can reportedly accelerate the speed of system modernization by up to 5x faster, utilizing agentic AI-powered automation of analysis, planning, documentation, and transformation tasks.
AWS Transform can also automate repetitive, high-end tasks, enabling teams to deliver complex projects faster.
By applying AI agents with decades of AWS migration experience, these bots help customers modernize their systems predictably and consistently, resulting in lower execution risk.
This modernization strategy also helps lower costs and effort for enterprise customers by reducing dependence on expensive infrastructure and software licenses.
Moreover, the solution supports faster migration, lowering spending, and predictable modernization outcomes.
OSCAL in AWS Artifact
The PCI DSS report package is now available in OSCAL in AWS Artifact, reportedly being the first cloud provider offering compliance reports in a machine-readable format.
This format shift will allow customers to automate parts of their compliance work with JSON data for speedier information deployment.
By utilizing JSON data over traditional PDF and manual review documents, this allows both the customer and the machine to decipher with ease.
This new format will help enterprises automate and modernize how they consume and utilize compliance information.
Aligning to CX Expectations in Security and Compliance
With cybersecurity threats on the rise and high-profile breaches making headlines, security and compliance have never been more important for businesses handling payment data.
AWS’s compliance update strengthens controls like encryption, access restrictions, and continuous monitoring, helping keep sensitive information safe.
For customer-facing teams, this means fewer interruptions, faster issue resolution, and more confidence that customer data is protected.
By reassuring enterprise customers about their security management, AWS helps build trust, reduce risk, and improve the overall customer experience.
Stronger frameworks also lower the likelihood of fraud or data breaches, giving both businesses and their customers peace of mind.
With fewer incidences of fraud, customers are less likely to experience data breach attempts if cyberattack groups believe its security strongholds are too difficult to compromise.
With fewer incidences of data breaches, customers will more likely retain their confidence in the framework they’re using, meaning less damage to their reputation and smoother customer journeys.
As PCI DSS is an already established package for securing payment processing environments, this already demonstrates AWS’s commitment to ensuring secure data protection. By enhancing the compliance’s reputation, this strengthens customer trust and increase loyalty and retention.
Furthermore, visible security standards can set a provider apart from others that don’t properly advertise their existence within the platform, attracting less companies that prioritize customer data protection.
With an increase in cybersecurity attacks, expectations across industries that handle complex and sensitive data have increased, making providers that can supply strong, ready-to-use frameworks are more attractive to enterprises right now.
This is also true within the payment data handling sector, with providers such as SequenceShift offering PCI-compliant phone payment solutions for Amazon Connect.
This includes card data being collected securely and passed directly to the payment processor, ensuring the contact center cannot see or record sensitive information.
This can prove useful during fraud and data breach reports in contact centers, ensuring customers that their card data cannot be exposed during interactions.
This strategy protects customer payment information from possible incidents of eavesdropping, internal mistakes, or system breaches.
Dmitri Muntean, Managing Director at SequenceShift, explained the critical need to supply strong security walls during payment processes.
“With rising concerns about data breaches, customers are increasingly hesitant to provide credit card details over the phone,” he said.
“Many of us can relate to that hesitation – I know I’m cautious about sharing my credit card details, especially over unsecured channels.”
The AWS PCI DSS compliance packages help customers meet card payment security expectations with reduced manual effort.
By expanding its coverage to newer services and regions, this supports broader deployment choices such as automation, helping a wide range of customers maintain compliance whilst scaling securely.
