Descoping your infrastructure for improved PCI Compliance

For nearly a year the pandemic has brought many new challenges, including a heightened level of cyber threat. Lockdowns have kept most of us at home, using self-serve channels to communicate, shop and pay bills. Some businesses have had to start taking card payments from employees' homes, an environment attackers have been quick to exploit.

Not only this, Verizon's latest research shows that the number of organisations maintaining their PCI compliance status is falling. The same research found that financial data is the main target for attackers. Less effort spent securing sensitive card data, coupled with less secure payment processes, makes for the perfect storm when it comes to data breaches.

Descoping your organisation’s infrastructure from the requirements of PCI DSS is one of the most effective ways of protecting your customers’ data.

In the context of the Payment Card Industry Data Security Standard this means keeping customers' card data out of company systems altogether and minimising the points at which card data is captured, processed or stored. One way to do this is to have a PCI DSS-compliant third party capture and process the card data, so that it never enters your own network, telephony or applications.

For the people, processes and technologies that are in scope of PCI DSS, compliance is measured against the standard's security controls. There are more than 360 controls in PCI DSS, but all of them fall under its 12 requirements.

If, however, your organisation can descope its payment processes, most of the 12 requirements fall away for the descoped environment. They do not disappear entirely: you still validate against the self-assessment questionnaire that matches your payment channel, and the obligation to manage and monitor the third-party provider (Requirement 12.8) applies no matter how little card data you touch.


Five key benefits of descoping your environment from the requirements of PCI DSS:

1) Achieving PCI Compliance – simplifying your journey to PCI Compliance and maintaining it

2) Reduced training requirements and the need for multiple technological solutions = cost savings

3) No sensitive card data stored in your systems: should the worst happen, criminals cannot steal data that isn't there

4) Happier agents – no need for draconian clean room environments, and a simplified payment process means customer interactions are smoother and faster

5) Happier customers – you’re safeguarding their data and building trust


Descoping means your organisation no longer has to keep up with each individual PCI DSS requirement across the whole business. Think of it as an item removed from your to-do list altogether. We could all do with more of that.

The post Descoping your infrastructure for improved PCI Compliance appeared first on PCI Pal.

*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by Stacey Richards. Read the original post at: