Safeguarding Data At Third-Parties

StorefrontBacktalk has a guest editorial from Walt Conway, a 403 Labs QSA, warning that when you leave a credit card processor for a new one, you (the merchant) are still responsible for the security of the credit card data you have presented to them, even if it is encrypted or tokenized. And what if your service provider goes out of business? To cover yourself in both cases, you need a very well-written service contract, with escrow provisions, to cover these and other possible issues of business-not-as-usual. For details, read Conway's column.