Engagement with customers online has evolved from novelty to necessity, with an estimated $202 billion spent in 2011 and projected 10% growth to $327 billion in 2016, according to Forrester Research. Businesses are maneuvering to connect with the growing pool of online customers, but the move to eCommerce brings new security risks with the exchange of sensitive consumer information, including cardholder data and personally identifiable information that can enable identity theft. At stake is reputation of brand, ongoing access to merchant credit lines, and substantial penalties and remediation in the event of a breach.
This white paper elucidates the aspects of PCI DSS (Payment Card Industry Data Security Standards) compliance that must be considered when choosing a secure environment for servers involved in eCommerce. Whether deciding to outsource or keep data hosting in-house, any company collecting, storing or transmitting customer cardholder data needs to be compliant, and this document helps pinpoint the specific concerns and standards a company should be aware of when choosing how to keep their data secure. Understanding requirements and best practices for security policies and procedures, physical safeguards, and security technologies is essential to establishing cardholder data security and meeting QSA and SAQ audit requirements.