Credit card council looks into cloud computing security

By , Network World |  Security

Cloud security is enough of a potential problem that it’s being investigated by the group that sets standards for protecting credit card data.

The Payment Card Industry (PCI) Council has set up a task force to examine cloud computing services to figure out what unique exposure credit card data faces if stores, restaurants, hotels and the like relegate their card information to a provider.

The council, which has issued data security standards that businesses that process credit card transactions must follow in order to be PCI compliant, is looking more closely at cloud computing because its members are using the technology more. “As a result, the Council is evaluating various options to address more formally, with our participating organizations, how cloud computing applies to the current requirements of the PCI Data Security Standard and where we take the DSS in the future,” the council says in an e-mail reply to questions about its plans.

The PCI council has ongoing revision cycles of its standard in order to keep personally identifiable data as private as possible and minimize the number of data breaches. The council is also taking a closer look at virtualization as a possible threat vector that should be separately addressed by the standard, although the council says the current standard might cover it.

“Cloud computing and virtualization are important issues to our members. We are seeing a rise in the use of virtual servers in the marketplace and by our participating organizations,” the council says in a written statement.

“The council tries to maintain a technology-neutral approach and address specifically the risk associated with the cardholder data environment. We are currently evaluating whether the current requirements of version 1.2 of the PCI Data Security Standard mitigate emerging threats and vulnerabilities related to virtual components. The council hopes to provide clarity on the topic later this year.”

Join us:






Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.


    Learn more

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question