CNP Expo: Tackling PCI Compliance

May 22, 2013

As payment details are increasingly stored in the cloud to be accessed by mobile or digital wallets, security concerns are growing in tandem. Businesses leveraging the cloud will have options when setting up security for their various solutions. But panelists at a Wednesday morning CNP Expo session titled “A Necessary Evil: Strategies for Reducing Your PCI Scope” warned companies to be careful when choosing partners and to ask them as many questions as possible about their operation.

“They need to be protecting your data at the level you are protecting your data,” said Alex Pezold, TokenEx CEO and co-founder.

Complying with the new standards for security can divert your attention from increasing sales as new payment technology comes online. New regulations are coming out in October, but the panel warned against letting regulations determine how you operate. Concentrating too much on the letter of the law might cause a business to set up procedures that inconvenience customers.

“There are so many moving parts,” said moderator Greg McGraw, CEO and co-founder of PayPlum.

To minimize security problems, companies should closely monitor how the card data moves, which might reveal that information is exposed to employees who do not need to see it.

“You really have to be a detective or investigator in your organization,” said Stephen Bell, Intown Suites Management director of IT. “We tried to reduce the number of people who were touching the card data. We were able to identify all those holes in the flow.”