CHICAGO, IL, August 14, 2013 /24-7PressRelease/ -- Since Payment Card Industry Data Security Standards (PCI DSS) compliance regulations require all businesses transmitting, processing or storing cardholder data to follow the PCI DSS guidelines, a new school of thought suggests that reducing scope can help achieve compliance more quickly and easily. Terrence Howard, founder of PCIHosting.com (http://www.pcihosting.com), says that this approach offers a more creative solution toward achieving compliance.
"The idea of changing scope instead of scrambling to install an entirely new system offers a great solution for businesses to become compliant more easily," explains Howard, whose company helps businesses find PCI compliant web hosting services. "It's more convenient, more cost-effective and the end result offers just as much safety for consumers."
The PCI DSS guidelines are a set of standards that companies are required to follow if they are responsible for transmitting, processing or storing cardholder data. The guidelines address specific concerns ranging from virtual security like firewalls to the physical security of hardware facilities and how paperwork containing cardholder data is stored.
Determining the compliance requirements for any business begins with an evaluation of current operations to determine whether compliance is necessary, or if new strategies can be adopted that bypass the need for compliance. For example, older computer systems may still use full credit card numbers as customer account numbers. Revamping this outdated system to assign neutral account numbers instead would reduce actual card processing down to a central and more manageable amount.
"Although there will still be costs associated with changing any existing internal systems, at least this limits the amount of upgrading older companies would have to accomplish in a short amount of time," says Howard. "Companies wouldn't require the same level of PCI compliance services if they restructure their premises, so they'd enjoy a significant cost savings compared to a total overhaul."
Another option that would drastically reduce the scope of PCI compliance would be to limit how often credit card information is handled at all. For instance, replacing a stored card number with a token offers businesses the same level of convenience, yet with a greater level of security for cardholders. Tokenization lowers compliance vulnerabilities as well.
Companies also have the choice to outsource card processing completely to a third party, shifting the compliance responsibility over to processors that already have the right infrastructure and routine to address security issues. Specialist providers who already have the right tools in place can provide higher levels of compliance at a lower cost far more easily than individual businesses who are facing multiple hardware and software upgrades in order to become compliant at all.
For organizations who do need to retain the power to process, store or transmit cardholder data, limiting processes to a minimum number of systems that are then upgraded to the highest security levels provides an acceptable cost-benefit hybrid for companies still struggling to attain compliance. After that, an outside security consultant can determine any remaining vulnerabilities through a series of system tests. In this way, compliance is still achieved, yet the amount of compliance needed is reduced to one or two systems rather than addressing the full internal network.
PCIHosting.com (http://www.pcihosting.com) is a leading source of information on the PCI compliant services industry. Established in 2009, PCIHosting.com keeps up with the latest industry news and provides guides for merchants, assessors, processors and financial institutions on compliance issues. The company also provides free consultations for clients seeking PCI compliant hosting and dedicated servers.
# # #