Credit card council looks into cloud security

Cloud Security Alert By Tim Greene , Network World

Cloud security is enough of a potential problem that it’s being investigated by the group that sets standards for protecting credit card data.

The Payment Card Industry (PCI) Council has set up a task force to examine cloud computing services to figure out what unique exposure credit card data faces if stores, restaurants, hotels and the like relegate their card information to a provider.

The council, which has issued data security standards that businesses that process credit card transactions must follow in order to be PCI compliant, is looking more closely at cloud computing because its members are using the technology more.

“As a result, the Council is evaluating various options to address more formally, with our participating organizations, how cloud computing applies to the current requirements of the PCI Data Security Standard and where we take the DSS in the future,” the council says in an e-mail reply to questions about its plans.

The PCI council has ongoing revision cycles of its standard in order to keep personally identifiable data as private as possible and minimize the number of data breaches. The council is also taking a closer look at virtualization as a possible threat vector that should be separately addressed by the standard, although the council says the current standard might cover it.

Continue Reading at Network World