More merchants are turning to cloud-based technology providers for payment services such as credit card payment processing. Though the benefits of cloud technology are often clear to most merchants – off-site data storage, increased availability – the risks of this option are also apparent. These threats are primarily related to security, and to address them, the industry’s leading standards board has released new guidelines.
The Payment Card Industry (PCI) Security Standards Council (SSC) released an information supplement earlier this month titled “PCI DSS Cloud Computing Guidelines,” in which the organization outlined a number of best practices for businesses implementing cloud-based payment solutions. Though the PCI SSC stressed the importance of receiving integration support from an experienced provider of credit card processing services, the organization added that merchants need to keep on top of security standards independently.
The guidance suggested that while many merchants may be comfortable allowing their solutions provider full reign over security matters, this arrangement can also lead to misplaced blame when something goes wrong. Too often, businesses are comfortable with assigning fault with their credit cart processing provider without realizing that the responsibility for managing cardholder data is shared between the two parties.
Ultimately, it benefits merchants to establish a connection with a credit card processing company that they can rely on for education and support when it comes to matters of security. This type of relationship is the surest way for merchants to bring up their level of understanding of PCI security measures and safeguard the sensitive information of their customers.
Though guidelines offered by PCI SSC can point merchants in the right direction, it’s up to them to take the next step in achieving PCI compliance.