PCI compliance in the cloud shouldn't scare companies away


To reduce costs and infrastructure complexity, many retailers are migrating their transaction management processes to cloud computing environments. However, PCI compliance still applies in the cloud, and merchants should be aware of the standards required of them to keep sensitive customer information safe, according to a TechTarget report.

"You may approach a vendor that offers cloud services and they may have been validated as a PCI-compliant provider, but putting your payment systems in their environment does not make you compliant," Michael Dahn of PricewaterhouseCoopers said, according to TechTarget.

While there are many benefits of migrating to the cloud, including fewer maintenance responsibilities, businesses should also be aware of the challenges they may encounter. After all, PCI compliance relates to the service being delivered, not the back-office operations, the news source reported.

As a result, merchants should have detailed service-level agreements in place that determine accountabilities with regard to certain security incidents. Retailers should also know who is responsible for maintaining and monitoring the data security practices in place, TechTarget said.

"There are many merchants that have been using cloud services for their payment processes for a long time," Forrester Research analyst Chenxi Wang said, according to TechTarget. "While merchants are ultimately responsible, there's shared responsibility with the cloud provider."

Nevertheless, the migration to the cloud should not be feared or avoided. Taking early precautions can help businesses avoid common mistakes and, as a result, allow companies to perform electronic data interchanges better while saving money, the news source noted.

One step in preparation is to know which applications, services and processes will be moving to the cloud, TechTarget said. This will give companies a better understanding and view of the entire process, allowing them to make adjustments for a smoother and more secure transition.

Additionally, if retailers maintain complete control over the cardholder environment, it will be easier to manage.

That way, companies can, for instance, use EDI and other secure file transfer solutions through the cloud, while the merchant governs the information. In fact, more cloud providers are offering EDI support in today's business world, according to Gartner Research. This is making the transportation of data between companies simpler and more secure.

In the end, PCI compliance in the cloud comes down to how well the retailer plans its migration and processes.