The Payment Card Industry Data Security Standard (PCI DSS) was updated to version 2.0 in 2010, and experts say updates slated for late 2013 should be minor.
But that hasn't slowed ongoing PCI compliance initiatives at many organizations. The adoption of emerging technologies is forcing merchants to reassess data security controls to ensure continued PCI DSS compliance. Companies are using the latest PCI guidance documents on point-to-point encryption, tokenization and virtualization to better secure data and, in many cases, eliminate credit card data from their environment, said Diana Kelley, a partner at Amherst, N.H.-based consulting firm SecurityCurve.
In this video interview, Kelley explains how merchants are using the guidance reports to help maintain compliance when adopting cloud-based services. PCI compliance in the cloud is possible, Kelley says, but it poses some interesting challenges in maintaining transparency into the cloud provider's systems and processes and who ultimately is responsible for protecting the credit card data.