Credit card council launches cloud security investigation

Credit card council launches cloud security investigation

Time to assess the risks

Article comments

The Payment Card Industry (PCI) Council has set up a task force to examine cloud computing services to figure out what unique exposure credit card data faces if businesses store card information with a cloud provider.

The council, which has issued data security standards that businesses that process credit card transactions must follow in order to be PCI compliant, is looking more closely at cloud computing because its members are using the technology more.

“As a result, the Council is evaluating various options to address more formally, with our participating organisations, how cloud computing applies to the current requirements of the PCI Data Security Standard and where we take the DSS in the future,” the council says in an e-mail reply to questions about its plans.

The PCI council has ongoing revision cycles of its standard in order to keep personally identifiable data as private as possible and minimise the number of data breaches.

The council is also taking a closer look at virtualisation as a possible threat vector that should be separately addressed by the standard, although the council says the current standard might cover it.

“Cloud computing and virtualisation are important issues to our members. We are seeing a rise in the use of virtual servers in the marketplace and by our participating organisations,” the council said.

“The council tries to maintain a technology-neutral approach and address specifically the risk associated with the cardholder data environment. We are currently evaluating whether the current requirements of version 1.2 of the PCI Data Security Standard mitigate emerging threats and vulnerabilities related to virtual components. The council hopes to provide clarity on the topic later this year.”


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *