PCI Compliance and the Top Misconception About PCI in the Cloud

June 11, 2018 Holly Enneking

For those running today’s top commerce sites, customers’ payment security is likely a top-of-mind concern. Any organization or website that accepts or processes payments made with payment cards is required to comply with the Payment Card Industry Data Security Standards (PCI DSS). These standards exist to help protect credit card data. Unfortunately, it can be challenging to keep up to date on the latest requirements coming out of the PCI Security Council for PCI DSS.

Non-compliance can result in fines and penalties in the billions of dollars, and many companies have been forced to close their doors after inadequately covering their PCI DSS. Aside from the business impact, a lack of PCI compliance can ruin a customer’s financial life should their accounts be compromised and their security put at risk, and no company wants to bear that burden.

The goals of the PCI Data Security Standards are simple. Ranging from “Building and Maintaining a Secure Network” to “Maintaining an Information Security Policy”, the standards all work to ensure that cardholder data is protected against security breaches. Putting these safeguards in place is imperative to be considered PCI DSS compliant, and the alternative is simply not an option for today’s businesses.

The industry is experiencing a shift in architecture from on-premise to cloud-based solutions. As cloud-based commerce continues to rise, online retailers and technology providers like Salesforce Commerce Cloud have had to find ways to ensure that e-commerce complies with the latest PCI DSS.

Still, cloud-based commerce can get a bad reputation. A common misconception is that cloud-based infrastructures inherently lack security because of shared resources within a multi-tenant model, but in reality this is far from the truth.

In fact, cloud-based solutions feature much more robust security than typical on-premise commerce solutions. When operating an on-premise solution, the combination of versions, operating systems, networking, and servers is typically unique in some way. It would be impossible for an on-premise ecommerce platform provider to test and certify each combination for true compliance. For an individual purchasing the platform, security testing can be rather limited.

With cloud-based systems, there are only a few possible combinations of environments, and in many cases the environment is homogeneous, creating a more predictable structure. Without infinite combinations, it is much easier to gain confidence in the security of your cloud-based environment. Therefore, more compliance activities can be done by the cloud provider, leaving less work for the online retailer.

Amazon led the way for cloud-based compliance with the PCI certification for AWS, which is certified as a PCI DSS 3.2 Level 1 Service Provider. Salesforce provides PCI DSS Level 1 compliance for Salesforce Commerce Cloud. Salesforce also includes PCI compliance in addition to many other industry and regulatory standards procedures.

Paying attention to Payment Card Industry Data Security Standard (PCI DSS) compliance on today’s commerce sites needs to be a priority. For those responsible for maintaining commerce sites and their secure delivery, keeping up with ever-changing PCI standards in order to stay in compliance is vital. Getting the information directly from the PCI Security Council is the best way to stay up to date and avoid misinformation. Those leading in compliance today are operating on cloud-based solutions, which makes it even easier.

Thinking that cloud-based systems are not secure is just one of the many misconceptions propagated online. Read on as we debunk PCI compliance misconceptions and pave the path for enhanced security.
