| Do you store sensitive credit card data on | | | | security measures. This also implies a need |
| your company's own internal system? If so, | | | | for constant monitoring and management and a |
| are you absolutely certain that it is | | | | plan of action in case you do detect |
| sufficiently protected? And are you really | | | | suspicious activities or a full security |
| sure that you understand the consequences of | | | | breach. |
| suffering a security breach? | | | | |
| | | | The unfortunate truth is that in the daily |
| The unfortunate thing is that many companies, | | | | grind of regular business, many companies |
| even large national chains, are not properly | | | | simply don't have the time or resources to |
| guarded or prepared for the consequences of | | | | devote to data security that are, in truth, |
| insufficient security. These companies have | | | | very necessary. |
| spent millions of dollars to implement | | | | |
| security measures and still they suffer | | | | The major benefit of remote storage, then, is |
| breaches. | | | | that you are trusting this information to a |
| | | | company whose business is making sure that it |
| New solutions were needed to cover some of | | | | all remains safe. Nothing else gets in the |
| the loopholes that had a tendency to crop up | | | | way of securing their systems because their |
| in conventional security methods. Remote | | | | entire business depends on effectively |
| storage of credit card data is one of the | | | | guarding your sensitive information. |
| easier and more obvious choices for data | | | | |
| security. | | | | Now consider all the other ways that |
| | | | sensitive information can be compromised on |
| Remote storage of credit card data is also a | | | | your own system. Remember, threats don't just |
| great way to meet PCI compliance. The PCI DSS | | | | come from outside your company. It only takes |
| (Payment Card Industry Data Security | | | | a single, ethically questionable employee on |
| Standard) was developed to help guide | | | | the inside to cause a lot of problems. |
| companies in their efforts toward | | | | |
| implementing sufficient security. Now any | | | | There are a couple of requirements in the PCI |
| company that processes, stores, or transmits | | | | DSS that were created to deal with this very |
| credit card information is required to become | | | | issue. For example, the seventh requirement |
| PCI compliant, but this process can be a time | | | | states that you must "restrict access to |
| consuming and costly procedure. But remote | | | | cardholder data by business need-to-know", |
| storage of credit card data is one solution | | | | and the ninth requirement mandates that you |
| to a number of the PCI DSS requirements. | | | | "restrict physical access to cardholder |
| | | | data." |
| The first and most obvious benefit to remote | | | | |
| storage of credit card data is the simple | | | | In any given company there are some specific |
| fact that criminals can't steel something | | | | people who need access to this sensitive |
| from you that you don't actually have. No | | | | information. But unfortunately, in many given |
| matter what security measure you implement, | | | | companies, many unnecessary people have |
| chances are there's someone out there just a | | | | access to this information. And should any of |
| couple steps ahead of all the current | | | | those people happen to have criminal |
| security systems. In these cases, they find | | | | inclinations, you could be in a lot of |
| little holes in the system and, if you aren't | | | | trouble. These are the people who have |
| on constant guard, they'll get in and cause | | | | physical access to your systems, and these |
| some serious damage. But if there's nothing | | | | are the people who are most likely to find or |
| there for them to take, there's no reason for | | | | steal encryption keys. |
| them to stick around. | | | | |
| | | | Remote storage of credit card data is a |
| Which brings up another benefit to remote | | | | simple way to remove this sensitive |
| storage systems. If you're going to store and | | | | information from the prying eyes and reaching |
| manage sensitive information on your own | | | | hands of people who should not have it. It is |
| system then you must be prepared to spend all | | | | possibly one of the best ways to ensure data |
| the necessary time, effort, and money to stay | | | | security and get closer to PCI compliance. |
| compliant and up-to-date with current | | | | |