PCI SSC releases guidance on 3rd party relations for card data security

The Payment Card Industry (PCI) Council has released updated guidelines to help merchants ensure their Payment Service Providers (PSPs) have implemented the necessary security measures to protect sensitive payment card data.
The update comes as part of PCI’s third-party security assurance program intended to boost credit and debit card security. The program forces Internet and cloud service providers, online storage firms, call centers and other companies that offer services to retailers to disclose the needed security controls for protecting cardholder data.
Beginning July 2015, all merchants interested in maintaining PCI Compliance must obtain written assurance from each of their 3rd party service providers stating the level of security and the provider's readiness to handle credit and debit card data securely.
The full guidelines were developed by PCI’s special interest group and offer tips on merchant-PSP relations when it comes to the shared responsibility for implementing PCI security measures. Furthermore, the guidance is intended to help develop consistent third-party agreements and policies with merchants and the 3rd party providers themselves.
According to Troy Leach, chief technology officer at the PCI Security Standards Council, the new set of guidelines comes as the result of more and more merchants outsourcing 3rd party services. Leach added that most merchants refrain from heavily investigating their service providers, believing they possess strong security controls.
“Often, service providers have relationships with other third parties. With such nested relationships it becomes especially important for merchants to ensure that cardholder data is adequately protected along the entire chain,” Leach added.
What are your thoughts? Is maintaining a tight relationship with your PSP important, or does it seem like overkill? Let us know in the comment section below.