PCI Compliance for Outsourced eCommerce Applications
6 Pages Posted: 25 May 2009
Date Written: May 3, 2009
Abstract
This is the extension of a project that involved educating a local corporation on Payment Card Industry Data Security Standard compliance, widely known as "PCI compliance." PCI compliance is a matter of adhering to the pseudo-regulatory standard of a consortium of payment card companies. Any company that accepts payment cards - including the ubiquitous credit card - must be compliant or face fines from the payment card companies and liability in the event of a data breach.
This is the written result of this project, made anonymous. It makes the business case for PCI compliance, and then explains the mechanics of attaining compliance. This article is suitable for any organization that outsources its eCommerce front. Outsourcing significantly reduces the organization's exposure, as the article explains.
Keywords: PCI, DSS, SSC, PCI DSS, Security Standards Council, payment card industry, data security standard, data breach, PCI compliance, PCI compliant, Hannaford, TJX, Heartland Payment Systems, ChoicePoint, LexisNexis, Report on Compliance, dataflow diagram