Remote Credit Card Data Storage Facilitates PCI Compliance
PCI DSS requires businesses to protect their customer’s credit card information. And as the growing number of data security breaches attests, the need to carry out this requirement is greater than ever for merchants.
Remote Credit Card Data Storage
A smart first step towards protecting customer credit card information is remote storage of the data. In other words, if the data is not present, what is there to steal? Some progressive payment processing companies, including Element Payment Services, offer off-site credit card data storage for their customers along with their payment processing system.
After a credit card transaction, the customer’s card data is sent to a PCI DSS compliant remote storage facility and removed from the merchant’s location.
Access to Off-Site Credit Card Data
But what if your customer needs to pay for a large purchase over a period of time or on a subscription basis? What if a return needs to be made?
While the data is securely stored off-site, a merchant still has access to it through a unique identifier that “points” to the data in the storage facility. Using this unique identifier, the merchant can utilize the cardholder data for recurring billing or to resolve transaction questions, but a hacker cannot access it even if they break through the security barriers at the merchant site. The merchant receives approval response details in the same way as if they had processed the full card number themselves, only without the sensitive cardholder data.
Reduction of PCI DSS Scope with Off-Site Storage
When a merchant eliminates the presence of their customer’s credit card data through off-site storage, they are also easing the process of PCI DSS compliance. A business that outsources their data storage is able to fill out a shortened version of the annual PCI DSS assessment, the PCI SAQ, as we blogged about in our PCI SAQ Made Easy post previously. The length of the self-assessment questionnaire can be cut in half, from 31 to 16 pages.