PCI DSS Compliance Blog: Remote Credit Card Data Storage Facilitates PCI Compliance


03/02/2009

Remote Credit Card Data Storage Facilitates PCI Compliance

PCI DSS requires businesses to protect their customers’ credit card information. And as the growing number of data security breaches attests, the need for merchants to meet this requirement is greater than ever.

Remote Credit Card Data Storage

A smart first step towards protecting customer credit card information is remote storage of the data.  In other words, if the data is not present, what is there to steal? Some progressive payment processing companies, including Element Payment Services, offer off-site credit card data storage for their customers along with their payment processing system.  

After a credit card transaction, the customer’s card data is sent to a PCI DSS compliant remote storage facility and removed from the merchant’s location.     

Access to Off-Site Credit Card Data

But what if your customer needs to pay for a large purchase over a period of time or on a subscription basis?  What if a return needs to be made? 

While the data is securely stored off-site, a merchant still has access to it through a unique identifier that “points” to the data in the storage facility. Using this unique identifier, the merchant can utilize the cardholder data for recurring billing or to resolve transaction questions, but a hacker cannot access it even if they break through the security barriers at the merchant site. The merchant receives approval response details in the same way as if they had processed the full card number themselves, only without the sensitive cardholder data.
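The identifier scheme described above, sketched as an added example (not code from this blog or from any payment processor). `RemoteVault`, `checkout`, `recurring_charge` and `find_pans` are hypothetical names, the vault is an in-memory stand-in for the off-site facility, and the card number is a constructed test value.

```python
import re
import secrets

class RemoteVault:
    """In-memory stand-in for the processor's off-site storage (hypothetical)."""
    def __init__(self):
        self._cards = {}  # identifier -> card number; never leaves the vault

    def store(self, pan):
        # Random identifier: it points to the card but cannot be reversed into it.
        token = "tok_" + secrets.token_urlsafe(16)
        self._cards[token] = pan
        return token

    def charge(self, token, amount_cents):
        if token not in self._cards:
            return {"approved": False, "reason": "unknown identifier"}
        # Approval details come back without the card number.
        return {"approved": True, "amount_cents": amount_cents}

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text):
    """Luhn-valid runs of 13-19 digits: card numbers left in merchant data."""
    return [m for m in re.findall(r"(?<!\d)\d{13,19}(?!\d)", text) if luhn_ok(m)]

def checkout(vault, merchant_db, customer_id, pan, amount_cents):
    # The merchant keeps only the identifier after the first transaction.
    token = vault.store(pan)
    merchant_db[customer_id] = {"token": token}
    return vault.charge(token, amount_cents)

def recurring_charge(vault, merchant_db, customer_id, amount_cents):
    return vault.charge(merchant_db[customer_id]["token"], amount_cents)

if __name__ == "__main__":
    vault, db = RemoteVault(), {}
    print(checkout(vault, db, "cust-1", "4111111111111111", 2500))  # constructed test card
    print(recurring_charge(vault, db, "cust-1", 999))
    print("card numbers in merchant records:", find_pans(repr(db)))
```

Running a scan like `find_pans` over merchant database exports and logs is one way to confirm that no card numbers remain at the merchant site.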

 


Reduction of PCI DSS Scope with Off-Site Storage 

When a merchant eliminates the presence of their customers’ credit card data through off-site storage, they also ease the process of PCI DSS compliance. A business that outsources its data storage is able to fill out a shortened version of the annual PCI DSS assessment, the PCI SAQ, as we blogged about previously in our PCI SAQ Made Easy post. The length of the self-assessment questionnaire can be cut in half, from 31 to 16 pages.


Comments

You have provided us with a good knowledge about PCI DSS.
Regards,
Data processing services

Data Vault's remote backup service helps protect your business by sending copies of your critical data files to our secure offsite data storage facility every night

Thank you for the information, as credit card storage is a sensitive issue, this may help.

And it is getting ever more sensitive for the hospitality industry, Cornwall Rooms. You might want to check out this article, too: http://www.digitaltransactions.net/newsstory.cfm?newsid=2439.

Thanks for this post; you have a good knowledge of PCI. Keep posting more on PCI. I have very little knowledge of credit card storage.

The comments to this entry are closed.
