PCI DSS Compliance Blog: PCI Compliant Hosting

05/18/2009

PCI Compliant Hosting

Stifled by the technical and financial expense of compliance, an increasing number of merchants and software providers are looking to an emerging market, PCI compliance hosting, for help.

Merchants and software vendors who receive, transmit, or store sensitive credit card information are expected to be fully compliant with PCI DSS and/or PA-DSS.  Of course, merchants and vendors who don’t receive, transmit, or store sensitive information are considered “out of scope” of these standards.

Element Payment Services, well-versed in both PCI DSS and PA-DSS, now offers PCI compliant hosting whereby software providers never receive, transmit, or store sensitive data, eliminating the need for conventional compliance.

The onus of compliance in such an arrangement then falls on Element, sparing the software provider a great deal of the expense of the normal compliance process. This comparison between PA-DSS certification and PA-DSS hosted payments indicates that hosted payments are by far the more affordable option for software providers concerned with compliance. It should be noted, however, that PA-DSS certification is still relevant for software providers who have a business case for storing cardholder data within their applications.

Hosted payments, though, is a method by which the responsibility for PA-DSS compliance is shifted from vendors to payment processing providers such as Element. By collecting only non-sensitive data from customers, and allowing a payment processing firm like Element to handle all sensitive data, vendors do not receive, transmit, or store sensitive data, and are thus freed from the burden of complicated, and expensive, PA-DSS compliance requirements.

As PCI DSS requirements and PA-DSS continue to evolve, so too do the companies charged with developing the processes that implement these security standards. Merchants, software providers, and payment processors alike are faced with an ever-shifting competitive and procedural landscape; fortunately, companies like Element are at the forefront, making PCI compliance as manageable and affordable as possible.
