New PCI guidance helps merchants get arms around customer data and the cloud
INFOSECURITY MAGAZINE | February 07, 2013
“Many merchants mistakenly believe that if they outsource everything to a cloud service provider, much of of the responsibility goes away for being PCI compliant – unfortunately, that’s simply not the case,” said Bob Russo, general manager at the PCI Security Standards Council, speaking to Infosecurity. “A merchant needs to ensure that a cloud services provider is PCI-compliant not just for its own piece, but for the entire spectrum, including what that provider is specifically doing for the merchant.”