PCI Compliance for Outsourced eCommerce Applications

6 Pages. Posted: 25 May 2009

Date Written: May 3, 2009

Abstract

This is the extension of a project that involved educating a local corporation on Payment Card Industry Data Security Standard compliance, widely known as "PCI compliance." PCI compliance is a matter of adhering to the pseudo-regulatory standard of a consortium of payment card companies. Any company that accepts payment cards - including the ubiquitous credit card - must be compliant or face fines from the payment card companies and liability in the event of a data breach.

This is the written result of this project, made anonymous. It makes the business case for PCI compliance, and then explains the mechanics of attaining compliance. This article is suitable for any organization that outsources its eCommerce front. Outsourcing significantly reduces the organization's exposure, as the article explains.

Keywords: PCI, DSS, SSC, PCI DSS, Security Standards Council, payment card industry, data security standard, data breach, PCI compliance, PCI compliant, Hannaford, TJX, Heartland Payment Systems, ChoicePoint, LexisNexis, Report on Compliance, dataflow diagram

Suggested Citation

Gilbert, Brendan James, PCI Compliance for Outsourced eCommerce Applications (May 3, 2009). Available at SSRN: https://ssrn.com/abstract=1409136 or http://dx.doi.org/10.2139/ssrn.1409136
