Virtual security in the cloud is sort of a grey area these days.
Every time you use your credit or debit card, chances are your card numbers are blocked out like this **** 1234. If they aren’t then chances are retailers aren’t PCI (payment card information) compliant.
The PCI security council has established new guidelines for hosting PCI data in the cloud. Now there’s no excuse for exposing our credit card numbers on receipts following sales transaction.
PCI compliant hosting maintains a secure environment whenever credit card transactions are processed but cloud computing has blurred the lines. New guidelines from the PCI security council make it easier for vendors to understand deployment models as well as their PCI responsibilities. The fifty page document outlines standard security controls – which should be applied no matter what the environment may be: IaaS (infrastructure as a service) or PaaS (platform as a service). Since cloud security is somewhat complex the PCI council wants help merchants understand how they can protect payment information in any situation. Unfortunately, there is much confusion as there are different guidelines for every deployment scenario.
Virtual security in the cloud is sort of a grey area these days. If vendors are sending private credit card information over a WAN network, the possibility of fraud exists. Fact is, cyber thieves can and will intercept credit card numbers if they aren’t properly truncated (encrypted). Retails who aren’t hip to PCI compliance can always enlist the services of a PCI compliant colocation provider. No matter if its a cloud hosting company or dedicated server hosting company, there are at least 12 core standards for securing credit card transactions. Step one is to always establish a network firewall and implement strong access control measures. Fraud prevention is an ongoing process but thankfully the PCI security council is here to clarify new guidelines for vendors.
For more information contact Albert Ahdoot