Meeting Payment Card Industry Data Security Standards (PCI-DSS) can be a complex and costly exercise for the average ecommerce merchant. What's challenging is that there's no one-size-fits-all approach to achieving and maintaining PCI compliance.
This is a guest post written and contributed by Elad Yoran, CEO of Vaultive, a Rackspace Cloud Tools partner. Vaultive provides cloud data encryption solutions designed to maintain the control, security and compliance of data processed by cloud-based services.
The Payment Card Industry (PCI) Data Security Standard (DSS) requires that if you accept, transmit or store credit cardholder data you must meet the requirements contained within the standard. The problem is that many people don't know what that means. If you deal with credit cards and are required to meet the PCI DSS, my advice is to find a way to limit the scope of your compliance as much as possible. Rackspace recently concluded a two-year effort to receive our PCI Service Provider Report on Compliance (ROC) as a Compliant Level 1 Service Provider from Visa USA.
I have been in this field for over 30 years and this is the most exciting time to be dealing with security and risk management. The good news is that there are more tools, resources and support for the industry out there now than at any time in the past. The potential downside of that is there are a lot more people using a lot of different methods to try to have a less-than-desirable effect on all of us.