| Do you store sensitive credit card data | | | | necessary time, effort, and money to |
| on your company's own internal system? | | | | stay compliant and up-to-date with |
| If so, are you absolutely certain that | | | | current security measures. This also |
| it is sufficiently protected? And are | | | | implies a need for constant monitoring |
| you really sure that you understand the | | | | and management and a plan of action in |
| consequences of suffering a security | | | | case you do detect suspicious activities |
| breach? | | | | or a full security breach. |
| The unfortunate thing is that many | | | | The unfortunate truth is that in the |
| companies, even large national chains, | | | | daily grind of regular business, many |
| are not properly guarded or prepared for | | | | companies simply don't have the time or |
| the consequences of insufficient | | | | resources to devote to data security |
| security. These companies have spent | | | | that are, in truth, very necessary. |
| millions of dollars to implement | | | | The major benefit of remote storage, |
| security measures and still they suffer | | | | then, is that you are trusting this |
| breaches. | | | | information to a company whose business |
| New solutions were needed to cover some | | | | is making sure that it all remains safe. |
| of the loopholes that had a tendency to | | | | Nothing else gets in the way of securing |
| crop up in conventional security | | | | their systems because their entire |
| methods. Remote storage of credit card | | | | business depends on effectively guarding |
| data is one of the easier and more | | | | your sensitive information. |
| obvious choices for data security. | | | | Now consider all the other ways that |
| Remote storage of credit card data is | | | | sensitive information can be compromised |
| also a great way to meet PCI compliance. | | | | on your own system. Remember, threats |
| The PCI DSS (Payment Card Industry Data | | | | don't just come from outside your |
| Security Standard) was developed to help | | | | company. It only takes a single, |
| guide companies in their efforts toward | | | | ethically questionable employee on the |
| implementing sufficient security. Now | | | | inside to cause a lot of problems. |
| any company that processes, stores, or | | | | There are a couple of requirements in |
| transmits credit card information is | | | | the PCI DSS that were created to deal |
| required to become PCI compliant, but | | | | with this very issue. For example, the |
| this process can be a time consuming and | | | | seventh requirement states that you must |
| costly procedure. But remote storage of | | | | "restrict access to cardholder data by |
| credit card data is one solution to a | | | | business need-to-know", and the ninth |
| number of the PCI DSS requirements. | | | | requirement mandates that you "restrict |
| The first and most obvious benefit to | | | | physical access to cardholder data." |
| remote storage of credit card data is | | | | In any given company there are some |
| the simple fact that criminals can't | | | | specific people who need access to this |
| steel something from you that you don't | | | | sensitive information. But |
| actually have. No matter what security | | | | unfortunately, in many given companies, |
| measure you implement, chances are | | | | many unnecessary people have access to |
| there's someone out there just a couple | | | | this information. And should any of |
| steps ahead of all the current security | | | | those people happen to have criminal |
| systems. In these cases, they find | | | | inclinations, you could be in a lot of |
| little holes in the system and, if you | | | | trouble. These are the people who have |
| aren't on constant guard, they'll get in | | | | physical access to your systems, and |
| and cause some serious damage. But if | | | | these are the people who are most likely |
| there's nothing there for them to take, | | | | to find or steal encryption keys. |
| there's no reason for them to stick | | | | Remote storage of credit card data is a |
| around. | | | | simple way to remove this sensitive |
| Which brings up another benefit to | | | | information from the prying eyes and |
| remote storage systems. If you're going | | | | reaching hands of people who should not |
| to store and manage sensitive | | | | have it. It is possibly one of the best |
| information on your own system then you | | | | ways to ensure data security and get |
| must be prepared to spend all the | | | | closer to PCI compliance. |