Thursday, May 20, 2010
Safeguarding Data At Third-Parties
StorefrontBacktalk has a guest editorial from Walt Conway, a 403 Labs QSA, warning that when you leave a credit card processor for a new one, you (the merchant) are still responsible for the security of the credit card data you have presented to them, even if it is encrypted or tokenized. And what if your service provider goes out of business? To cover yourself in both cases, you need a very well-written service contract, with escrow provisions, to cover these and other possible issues of business-not-as-usual. For details, read Conway's column.
Labels:
Data Security,
Payment Processing,
PCI-compliance
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment