Compliance-Fraud Detection(Fraud Detection)-阿里云帮助中心

Supported features and compliance standards

Compliance standards in China

Fraud Detection meets multiple compliance standards in China to provide reliable security assurance.

MLPS 2.0 level 3

Compliance with Multi-Level Protection Scheme (MLPS) 2.0 level 3: Fraud Detection provides rack availability of 99.99% guarantee, resource pools that physically isolate software and hardware, and security capabilities such as independent access control monitoring. This fully complies with the security compliance requirements of the financial industry.
Infrastructure security guarantee: Fraud Detection adopts a data center architecture that uses the redundant deployment method to eliminate single points of failure (SPOFs) and ensure the stability of your workloads.

Personal information protection law

Data security and privacy protection: Fraud Detection integrates the requirements of the Personal Information Protection Law into its product development lifecycle to comprehensively protect user privacy through methods such as data encryption and access control.

Compliance standards outside China

Fraud Detection holds multiple international certifications to support global business needs:

GDPR

Data sovereignty and cross-border data transmission: Certified by ISO 27701 to ensure personal data processing complies with GDPR requirements and supports secure cross-border data transmission.

HIPAA

Medical data protection: Fraud Detection is certified by ISO 27018 to provide data protection solutions that comply with the Health Insurance Portability and Accountability Act (HIPAA) for customers in the healthcare industry.

PCI DSS

Payment security: Fraud Detection is certified by the Payment Card Industry Data Security Standard (PCI DSS) and Payment Card Industry Three Domain Secure (PCI 3DS) to ensure secure processing and storage of payment data.

ISO 27001

Information security management system: Fraud Detection holds ISO 27001, ISO 27017, and ISO 27018 certifications, establishing a comprehensive information security management system.

Security protection scenarios

Data security protection

Data encryption: Fraud Detection provides multiple data encryption methods, including disk encryption, data transmission encryption, and storage encryption.
Access control: Fraud Detection implements permission management based on Resource Access Management (RAM) to ensure compliance with the principle of least privilege.
Backup and recovery: Fraud Detection supports multiple data protection mechanisms, including snapshot backup and image backup.

Network security protection

Network isolation

Fraud Detection implements network isolation based on Virtual Private Cloud (VPC) to provide independent and secure network environments by using the tunneling technology.
Fraud Detection allows you to configure security group rules. This helps control inbound and outbound traffic in a fine-grained manner.

Attack prevention

Various attack prevention measures are provided, including DDoS attack mitigation, traffic scrubbing, and SQL injection detection.
HTTPS-based encryption is supported to ensure data integrity.

Audit and compliance

Operation audit: All operations can be recorded by ActionTrail for tracing and risk assessment.
Compliance check: Compliance checks can be performed to detect security risks such as network security configuration risks and host vulnerabilities.

Compliance value and benefits

Alibaba Cloud has obtained more than 140 security compliance certifications, demonstrating comprehensive security capabilities and helping enterprises efficiently meet regional and industry-specific compliance requirements.

Fraud Detection provides the following benefits:

Reduce compliance costs.
Improve security operations efficiency.
Effectively prevent various security threats.
Meet compliance requirements across multiple regions and industries.

For more information, contact the Fraud Detection team.