CloudFlare is now PCI 3.1 certified

The Payment Card Industry Data Security Standard (PCI DSS) is a global financial information security standard that ensures companies processing credit card transactions adhere to high technical standards. Companies at level one PCI compliance are subject to the most stringent checks. CloudFlare, a company providing security for important businesses worldwide, chose to be audited as a level one service provider. The PCI council has updated its guidelines from version 2.0 to 3.1, addressing known attacks and enhancing financial security controls in anticipation of future threats. Changes include increased accessibility and awareness, integration into everyday operations, more rigorous evidence requirements, shared responsibility, and the "sunset date" for old encryption standards like SSL 3.0, TLS 1.0, and TLS 1.1. CloudFlare has achieved full compliance as a level one service provider while improving its security and learning about customer compliance needs.