San Mateo, CA (PRWEB) June 18, 2012
In a two-part podcast that covered a wide range of major issues facing retailers today, Tectura Senior Retail Consultant and Retail Industry Guru Randy Davidson discusses the myths surrounding PCI compliance, emerging chip and PIN standards, the cloud, and best practices for retailers to consider to ensure they are in compliance. Davidson works with retailers around the globe to help them develop and implement the most effective business solutions to help them grow. He is recognized as an expert on a wide range of topics facing retailers.
Davidson said, “One of the key issues that’s top of mind for retailers is PCI compliance. PCI compliance has been a requirement for nearly a decade however companies are still struggling with understanding PCI and ensuring that they are PCI compliant.”
Davidson also covered the impact to retailers of MasterCard and Visa’s recent announcements that chip and PIN is going to be a reality by 2015.
“It impacts card presence transactions, and for retailers particularly, it ultimately means that they’re going to have to touch every point of sale terminal in some capacity, as well as managing upgrades to software and infrastructure. Also, the chip and PIN standard represents a liability shift. Ultimately what that means is that if there is a fraudulent transaction, and a credit card has not been processed using the chip and PIN requirement, then the retailer becomes liable for any of that fraud, where today the liability, based on the current standards, is with the bank," he said.
Davidson addressed the mistaken notion that chip and PIN will replace PCI compliance.
“That’s somewhat of a misconception that many people have, that chip and PIN is adding an additional level of security at the moment in time a card transaction is processed. But it doesn’t change the PCI requirement, and although they’re coupled together in some capacity, PCI compliance deals with the storage of credit card data or how it’s handled from an infrastructure security perspective. The chip and PIN technology adds just that additional level of security at the time of processing.”
Back to PCI compliance, Davidson said there’s still actually a lot of misconception about PCI compliance. “I actually talked about that in one of my recent What’s Next Retail blog entries. A lot of retailers still believe that PCI compliance just relates to the POS software itself. But the requirements actually go farther than that, because beyond the software, or the database structure, there are policies or processes that need to be put in place. The risks of not being PCI compliant can be very significant.”
On the podcast, Davidson also addressed the cloud and how it will impact retailers and payment processing compliance.
“Retailers will say that they want their credit application hosted someplace else and not stored on their servers, thinking that maybe it helps reduce the risk or the requirement for PCI. Ultimately that’s a myth, because from a PCI security perspective, even though you may have that application hosted offsite someplace, it’s still accessible from your network. And ultimately the PCI compliance comes into play from the moment you accept or swipe that credit card at the POS terminal.”
“Even though you may have those applications hosted in the cloud or stored off-site, whatever the case is, those facilities or those locations will become part of your PCI compliance requirement, because they are accessible from your network,” he said.
A link to both parts of the podcast can be found here.
Randy Davidson is the Senior Retail Industry Analyst at Tectura and a regular contributor to WhatsNextRetail.com, a thought leadership site led by members of the Retail Industry Partner Community, a network of Microsoft Dynamics partners