TMCnet - World's Largest Communications and Technology Community



Cloud Hosting Article

PCI DSS: Keep Sensitive Data Secure with the Right Service Provider

  By Allison Boccamazzo, TMCnet Web Editor

What is the payment card industry data security standard (PCI (News - Alert) DSS)? Simply put, it’s an evolving set of security requirement designed specifically for the storage, process or transmitting of cardholder data that businesses even outside the payment card industry are deploying to meet a range of industry requirements. 609 million credit cards were held by U.S. consumers in 2010, and in a matter of two years, that number has exponentially grown, with the U.S. Census Bureau projecting about 1.1 billion to be issued by the end of this year. As you can only imagine, it’s extremely important to achieve successful PCI DSS compliance to keep sensitive data secure while businesses conduct annual credit card transactions which are becoming increasingly complex.

In order to achieve compliance in-house, it’s necessary to have significant expertise, however, some PCI DSS service providers don’t truly deliver the comprehensive compliance solution needed, and some can even fail to meet a majority of compliance requirements in general. A recent whitepaper by Datapipe (News - Alert), “Outsourcing PCI Compliance: Selecting the Right Service Provider to Achieve and Maintain PCI Compliance,” helps provide tips and suggestions to stay on the right track with this emerging and vital trend.

“A comprehensive solution is more than just hardware or software solutions. Achieving and maintaining PCI DSS compliance requires specialized skills and experience that only a few providers can deliver. The right provider will also offer the resources and expertise necessary to accommodate company growth and scale a PCI DSS solution,” the company explains. “When selecting a certified service provider look for one with a deep understanding of the specific requirements of PCI DSS, demonstrated expertise in secure network architecture (including proper network segmentation to reduce the number of system components considered in-scope), and security service design and implementation.”

Seeing how the organization that is storing or processing the cardholder data will likely be liable for any gaps in compliance, it is also essential that the service provider deliver a transparent service agreement that clearly defines both the client’s and the provider’s responsibilities, Datapipe insists.

These don’t have to be problems when it comes to companies such as Datapipe, who deliver the resources, expertise and services needed to help established and growing companies not only achieve compliance but also maintain a secure cardholder data environment.

For example, as a Visa certified Level 1 service provider, Datapipe’s PCI solution provides industry-proven methodologies as well as best-of-breed security service offerings. Datapipe’s high-performance security services include but are not limited to:

  • Patch management
  • Intrusion (News - Alert) Detection Systems (IDS)
  • Anti-malware protection
  • Vulnerability assessment
  • Real-time system configuration assessment
  • Transparent Database Encryption (TDE)

Needless to say, companies who fail to protect their consumer credit card data face serious repercussions including lawsuits and fines, but outsourcing the right provider enables businesses to achieve and maintain compliance while controlling costs.

When looking for a PCI DSS service provider, consider the following as a checklist:

  • Deep knowledge of the PCI standard and its specific requirements
  • One who can demonstrate their expertise in such things s network architecture and implement sound security designs to help achieve compliance
  • Compliance reporting assistance
  • Clearly defined responsibilities, offering transparency into their operations
  • Administrative controls
  • PCI-certified facilities
  • And last, choose a provider that is positioned to scale your compliance solution with the growth of your company

To learn more about Datapipe’s Level 1 PCI DSS solution, click here.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida.  Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.

Edited by Brooke Neuman

Technology Marketing Corporation

800 Connecticut Ave, 1st Floor East, Norwalk, CT 06854 USA
Ph: 800-243-6002, 203-852-6800
Fx: 203-866-3326

General comments:
Comments about this site:


© 2015 Technology Marketing Corporation. All rights reserved | Privacy Policy