PCI compliance in the Cloud doesn’t have to be scary, experts say

News Article - Tuesday, 24 January 2012 10:30

Category: Hosting

The PCI Security Standards Council’s recent virtualization guidance document has indicated that merchants who choose cloud providers for payment processing, rather than the cloud providers themselves, maintain responsibility for safeguarding information and complying with PCI DSS.

While it is possible for a cloud provider to offer a PCI compliant service, Michael Dahn, director of threat and vulnerability management at PricewaterhouseCoopers, indicates that it is up to the merchant to vet the cloud provider and understand the security processes it provides. According to Dahn, even if a cloud provider has been validated as PCI compliant by an independent Qualified Security Assessor (QSA), the merchant remains responsible for credit card data stored on those cloud platforms.

Even though the merchant cannot pass responsibility on to the cloud provider, there are steps that can be taken to avoid pitfalls, and according to Savvis strategist Ed Boyle, moving a PCI DSS compliant processing platform to the cloud need not be a “scary proposition.” A growing number of cloud providers, including Amazon Web Services, Verizon, and Akamai, run PCI DSS validated tokenization services, which remove sensitive credit card data from the merchant's systems while keeping the fields needed for analytics.
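To make the tokenization idea concrete, here is a small added example (not code from the article or from any of the providers it names) showing what such a service does on the merchant's behalf: each primary account number (PAN) is swapped for a random token held in a vault, and only non-sensitive fields (BIN and last four digits) stay with the transaction record, so reporting still works without the merchant's systems storing card numbers. The `TokenVault` class, the field names and the sample transactions are all constructed for this illustration; the card numbers are the well-known industry test PANs, not real cards.

```python
import re
import secrets

# Constructed sample transactions (industry test PANs, not real cards).
SAMPLE_TRANSACTIONS = [
    {"id": "t1", "pan": "4111 1111 1111 1111", "amount_cents": 1000, "merchant": "shop-a"},
    {"id": "t2", "pan": "4111-1111-1111-1111", "amount_cents": 550, "merchant": "shop-b"},
    {"id": "t3", "pan": "5555555555554444", "amount_cents": 2000, "merchant": "shop-a"},
]


def normalize_pan(raw):
    """Strip spaces and dashes; reject anything that is not 13-19 digits."""
    pan = re.sub(r"[ -]", "", raw)
    if not re.fullmatch(r"\d{13,19}", pan):
        raise ValueError("not a PAN-shaped value")
    return pan


def luhn_ok(pan):
    """Luhn checksum: catches typos before a bogus value reaches the vault."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Stand-in for a hosted token vault (hypothetical; in-memory only).

    Tokens are random, not derived from the PAN, so a token leak reveals
    nothing about the card and cannot be reversed without the vault.
    """

    def __init__(self):
        self._pan_by_token = {}  # a real vault would encrypt these at rest

    def tokenize(self, pan):
        token = "tok_" + secrets.token_hex(12)
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token):
        # Only the vault (inside the provider's PCI scope) can do this.
        return self._pan_by_token[token]


def scrub_transaction(vault, txn):
    """Return a copy of txn with the PAN replaced by token + analytics fields."""
    pan = normalize_pan(txn["pan"])
    if not luhn_ok(pan):
        raise ValueError("PAN fails Luhn check")
    token = vault.tokenize(pan)
    out = {k: v for k, v in txn.items() if k != "pan"}
    out["token"] = token
    out["bin"] = pan[:6]      # issuer identifier, safe to keep for reporting
    out["last4"] = pan[-4:]   # safe to display on receipts / in dashboards
    return out


def scrub_all(vault, txns):
    return [scrub_transaction(vault, t) for t in txns]


def spend_by_bin(records):
    """Analytics that still work on scrubbed records: spend per issuer BIN."""
    totals = {}
    for r in records:
        totals[r["bin"]] = totals.get(r["bin"], 0) + r["amount_cents"]
    return totals


if __name__ == "__main__":
    vault = TokenVault()
    scrubbed = scrub_all(vault, SAMPLE_TRANSACTIONS)
    for r in scrubbed:
        print(r)
    print("spend by BIN (cents):", spend_by_bin(scrubbed))
```

The merchant keeps only the scrubbed records; the vault, and therefore the detokenization path, stays inside the provider's validated environment, which is what shrinks the merchant's own PCI scope without removing its responsibility for choosing and vetting that provider.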

Visa offers a list of PCI-validated service providers (PDF).
