It’s not truly possible to take PCI out of scope. You still have a responsibility as the retailer from the time you swipe the credit card to whatever happens to it next.
San Mateo, CA (PRWEB) May 01, 2012
In his latest blog entry on retail thought leadership site WhatsNextRetail.com, Tectura Senior Retail Consultant and Retail Industry Mobility Guru Randy Davidson discusses how retailers are incorrectly assuming that since they are offloading data or credit card processing to the cloud, they can still be PCI-compliant.
Davidson said, “Retailers need to remember that as soon as you touch the credit card, you are responsible, from a PCI perspective. You might not be storing the credit card data, because more and more retailers have moved away from storing that information to make it easier to be PCI compliant, but as soon as you swipe that credit card, and it moves across your network, then you’re responsible for it, from a PCI-compliance perspective.”
“It’s not truly possible to take PCI compliance out of scope. You still have a responsibility as the retailer from the time you swipe the credit card to whatever happens to it next. Even though you don’t store it, the PCI requirement is still there. And then, as you look at what happens with chip and PIN, as it becomes a requirement in the next two or three years, chip and PIN doesn’t replace PCI compliance. It deals with reducing the fraudulent use of credit cards, but PCI compliance still remains an issue.”
In his post, Davidson also discusses threats to retailer data as more and more retailers move their data and processing to the cloud.
Randy Davidson is the Senior Retail Industry Analyst at Tectura and a regular contributor to WhatsNextRetail.com, a thought leadership site led by members of the Retail Industry Partner Community, a network of Microsoft Dynamics partners.