
Credit Card Data - Remote Storage As a Valid Option

PCI DSS mandates that anyone who processes, stores or transmits sensitive data about credit cards should do all they can to keep that information secure. This can be achieved in-house, or via outsourced payment processing services. At this juncture, the question arises whether it is valid to store sensitive card data remotely and how that compares to storing the data yourself.

PCI DSS comprises twelve standards which are further separated into over 200 different security measures. Some of these controls are and should be attended to by the merchants themselves. Some of the requirements, however, should be outsourced to a remote storage center for credit card details for convenience's sake.

The third statement of PCI DSS merely states that credit card holders' data must be protected. Superficially, it is a sorrowfully generalized statement. Fortunately, it comprises over twenty different measures that once implemented ensure complete protection.

The major requirement for this security control is encryption. If you intend to store credit card data on your system, then it has to be encrypted. However, sometimes, business owners find it difficult to comprehend all that encryption entails, or what exactly is implied by adequate security. Even when encryption techniques are applied correctly, a whole host of other requirements are encountered related to how the encryption keys are protected.

Remote storage of data eliminates this problem for you. If you store your data in a secured storage site away from your systems, you need to contact a company that is an expert in such data encryption.

The first control, which is part of the third PCI statement, says that merchants should store minimal amounts of cardholder data, and that the amount stored and the time it is retained should be restricted to only what is required for legal or business purposes. In practice, this leads a merchant to opt for remote storage, since the company doing the storage then has to keep track of such regulations. If you select the correct company for remote storage partnering, then you can protect your data from criminals with adequate security controls.

The other necessary requirements of PCI DSS can be met by storing credit card data remotely. These include the seventh, eighth and ninth statements. The seventh says that access to cardholders' data must be restricted on a need-to-know basis for business requirements. According to the eighth statement, a unique ID must be provided to all those who have access to the data, and the ninth states that physical access to the data must be restricted.

You may want to know how remote storage will help you comply with these standards. The means are quite obvious with some. For example, the ninth requirement is met because no data is on your system, thus completely restricting physical access. The seventh is also met in the same manner. If data is stored in a remote location, then only a few people will have access to it. As for the eighth, people who have access will have to be given a unique ID because that allows tracking of their activities regarding data on sensitive systems.

Complying with PCI standards can be a complicated, expensive and laborious process. With increasing numbers of consumers growing wary of the way credit card transactions are conducted, PCI SSC has to do more and more to ensure that the environment in which transactions are conducted is safe and secure so that more consumers are attracted to it. Yet, several companies are delaying their PCI compliance because of improper security measures and the complications attached to improving them.

Storing data remotely eliminates most of the complications involved in attaining PCI compliance and lets you reach that goal easily.

Ultimately, the chief concern is that a criminal is not able to get at what you do not have in the first place. Thus, keeping your data off your system ensures that hackers do not gain easy access to your data.


Article Source: http://EzineArticles.com/?expert=Robert_R._Brady