Monday, July 27th, 2020
By Matthew Goche and Jeremy Lacy
If you start talking about PCI DSS compliance, people’s eyes tend to glaze over. Perhaps that’s understandable, since PCI DSS stands for the Payment Card Industry Data Security Standard.
But the fact is, PCI impacts every single person who uses a credit card. Us. You. Everyone. PCI DSS is what keeps your credit card information from being hacked.
Here’s how it works. Every merchant (think Amazon or your local grocery store) or service provider (Verizon, your bank, etc.) who takes credit card data, stores credit card data, or moves credit card data from one place to another has to be PCI compliant. There is no wiggle room (for which we, as consumers, are very glad).
Now, compliance has always been a tough proposition and, with the advent of the cloud, it has gotten even tougher. There are currently 288 PCI DSS controls that companies need to comply with in order to protect not only data at rest, but also data in transit.
Let’s bring this down to a few specifics to help explain what is involved in PCI compliance. Assume for a moment that you are in a business that handles financial data:
Essentially, PCI DSS places the burden of PCI compliance directly on the company that handles financial data, regardless of the third-party vendors that company may be using. It also assumes that the space between two clouds is non-compliant – that hackers and attackers are lying in wait to intercept data.
What does this mean for businesses that want to buy, sell, make transactions, etc., and use the cloud to do so? Well, unless they want to build a PCI compliant cloud from the ground up, they have to partner with vendors who are also PCI DSS experts – vendors who will keep them in compliance and who will protect their data in transit and data at rest according to PCI DSS’s strict standards.
When you think of what is at stake (just remember the Target hack fiasco), you can appreciate that choosing a vendor as a partner to help ensure PCI DSS compliance is a significant decision. A strong vendor will have PCI security “baked into” their systems. They will have the benefit of experience with hundreds of other clients. They will have a track record of long-lasting business relationships.
The bottom line is this: if you run a business that handles financial data in a cloud environment, PCI DSS is a big deal. If you don’t want to be a PCI expert yourself, enter into a strategic business partnership with a vendor who is knowledgeable, experienced, and committed to your success.