IT Solutions: PCI DSS in a Cloud Computing Environment
Cloud computing can provide some significant benefits to merchants who would like to find more efficient ways of processing customer payments. Making the move to cloud computing can seem daunting in some cases because it may involve having cardholder data reside on systems that are not completely within the merchant's zone of control. This serious concern is only underlined by the fact that the merchant ultimately remains responsible for the use and misuse of the data.
This means that even in a cloud computing environment, merchants must find ways to implement and fully maintain PCI DSS compliance. PCI DSS is the Payment Card Industry Data Security Standard, the data security standard adopted by the payment card industry. Because interest in virtualization has been so high in recent years, the Security Standards Council for the PCI has issued a guidance document to help businesses and other organizations learn how to use cloud service providers as part of their payment processing.
According to Michael Dahn, who directs threat management at financial management firm PricewaterhouseCoopers, "You may approach a vendor that offers cloud services and they may have been validated as a PCI-compliant provider, but putting your payment systems in their environment does not make you compliant."
To be sure that they are in fact fully compliant as they adopt IT solutions that include cloud providers, businesses should consider working closely with an IT consulting firm with experience in the many issues associated with PCI compliance. Consultants can help businesses choose the right provider for their needs as well as assist them with implementation and compliance issues.