RSA Jumps into PCI DSS as a Service

Michael Vizard

RSA, the security division of EMC, today will ofer guidance on how to leverage a partnership with First Data Corp. under which the global provider of merchant services will deliver a service for complying with the PCI Data Security Standard (PCI DSS).

According to Branden Williams, director of RSA Security Consulting, many companies are struggling with processing credit card data in a way that meets the complex PCI DSS standard. Rather than process that data and then incur the risk of storing and managing it, First Data will have the exclusive rights to use RSA technology to manage that process.

First Data is not the only company to offer a PCI DSS compliance service as many customers discover that it's much easier to contract a specialist to handle this task.

First Data will assume all the liability for managing that data, and as an expert in all things related to PCI DSS, will make sure that only the credit card data that companies actually need is securely stored.

There have been many complaints over the complexity of the PCI DSS standard. But as more services emerge to manage this process, it may become the exception rather than the rule to have the internal IT department devote precious time and resources to a task that does very little to enhance the bottom line of the company the internal IT department serves.

More from Our Network
Add Comment      Leave a comment on this blog post
Jun 24, 2010 5:40 AM Rob Sadowski Rob Sadowski  says:

While it's true that RSA technology is being used to deliver a service, what I think readers of this Security Brief will find thought-provoking are the authors' predictions about the evolution of the industry where merchants centralize storage of payment card data with outside service providers regardless of who those providers might be -- gateways, card associations, or acquirers to name a few possibilities. They also provide guidance for potential adopters as to what to look for in providers who take on the role of a "repository of risk" for them.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.