PCI Certificate

How to be PCI compliant – small merchants

January 21, 2014 | PCI Compliance

PCI DSS compliance is a very hot topic these days. With the number of card data leakage incidents, every organization that cares about its reputation wants to know how to be PCI compliant. A few days back someone asked me about it again: how do we become PCI compliant?

My first answer to them is simply to ensure that no card data is stored unless they genuinely need it. Today, many retail outlets, clinics, restaurant chains and others keep card numbers stored in their databases, application logs and so on. Is there a need for it? No, not really. Storing card numbers is what makes card data leakage possible in the first place, and PCI DSS aims at reducing card data storage for exactly that reason. If there is no solid business reason to have the card numbers stored, they should not be stored.

In most cases, the card numbers are stored only for reference and are never actually used for any settlement with the corresponding banks. If the card numbers are just going to sit in the database without ever being used, the cost of storing them (the protection measures they require, and the liability if they leak) is much higher than the potential business benefit they would bring.

So, following one of the classic risk management strategies, risk avoidance, the card numbers should not be stored at all. Storing card numbers without the required protection measures also puts you out of compliance with the PCI DSS standard.

So my first answer to the question "How to be PCI compliant?" is simply: "avoid storing cardholder data if it is not needed." If you are facing challenges in achieving this, use the comments section to share your issues.
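The post says the usual places card numbers end up are databases and application logs, and that the first step is to stop keeping them. A practical check for the log side is to scan existing logs for primary account numbers (PANs) and mask whatever is found, so you know where the data is before you can stop it being written. The script below is an added example written for this post, not the author's own tooling: it finds digit runs of 13 to 19 digits (with optional spaces or dashes), confirms them with the Luhn check so order ids and timestamps are not flagged, and masks hits to the first six and last four digits. The log lines, order ids and card numbers are constructed sample data (the card numbers are the well-known issuer test numbers).

```python
"""Find and mask PANs that have leaked into application logs.

Added example for this post, not code from the original page.
SAMPLE_LOG below is constructed for illustration only.
"""
import re

# Candidate PAN: 13-19 digits, each optionally followed by one space or dash,
# and not glued to other digits on either side.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, the most PCI DSS allows on display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line: str):
    """Return (masked_line, list_of_pans_found) for one log line."""
    findings = []

    def _repl(match):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw          # looks like a number, but not a card number
        findings.append(digits)
        return mask_pan(digits)

    return _PAN_CANDIDATE.sub(_repl, line), findings


def scan_log(lines):
    """Scan log lines; return [(line_no, masked_line)] for lines containing a PAN."""
    hits = []
    for n, line in enumerate(lines, 1):
        masked, found = scrub_line(line)
        if found:
            hits.append((n, masked))
    return hits


# Constructed sample log. Line 1 carries an order id that is NOT Luhn-valid;
# lines 2 and 3 carry issuer test card numbers; line 4 has only a batch id.
SAMPLE_LOG = [
    "2014-01-21 10:15:32 INFO  order=1234567890123 status=created",
    "2014-01-21 10:15:33 DEBUG auth request card=4111111111111111 exp=12/16",
    "2014-01-21 10:15:34 DEBUG pos swipe 5555 5555 5555 4444 amount=42.10",
    "2014-01-21 10:15:35 INFO  settlement batch=20140121 count=3",
]

if __name__ == "__main__":
    for line_no, masked in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {masked}")
```

Run it against a real log directory and any hit is a place where the application is writing cardholder data it almost certainly does not need; the fix belongs in the application (stop logging the field), with masking of existing files as the clean-up step.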
