Why does a data center need to comply with the PCI DSS standard? This article gives a detailed answer to that question.
A data center is a specialized facility that houses server and network equipment.
Data centers are built to process, store and distribute information. Their main customers are large corporations, whose business needs they serve by providing information services.
A data center either hosts the customer's own servers on its premises (colocation) or rents out its own servers.
World-renowned data centers such as AWS (a division of Amazon), Microsoft Azure and DigitalOcean hold certificates of PCI DSS compliance (formally, an Attestation of Compliance, or AOC, issued after an assessment), and these companies undergo an annual audit to maintain that compliance.
Data processing centers (data centers) are not banks and do not accept payments. Nor are they retail chains, and as a rule they have nothing to do with payment cards themselves.
A data center simply hosts the corporate customer's equipment on its premises or in its own cloud.
Before answering why these data centers undergo an audit and receive a certificate of PCI DSS compliance, it is worth recalling what the standard is.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded payment cards from the major card schemes. It was created on behalf of the international payment systems Visa, Mastercard, American Express, JCB and Discover, the founders of the PCI Security Standards Council that maintains it.
The PCI DSS standard is a set of security requirements for cardholder data wherever it is stored, processed or transmitted within an organization's information infrastructure.
Nowadays large companies try to cut their infrastructure maintenance costs by moving their servers to external data centers.
Most such companies must meet PCI DSS requirements by the nature of their business, and under the standard they remain responsible for cardholder data entrusted to third-party service providers. They must therefore keep that data in a center that also complies with PCI DSS.
Put another way: large companies will use the services of a data center that can protect server equipment and facilities in accordance with the strict PCI DSS requirements.
Today very reliable information protection is a necessity.
If a data center complies with PCI DSS, the information it hosts is protected by the controls the standard requires, for the services covered by its certificate. The customer still remains responsible for the PCI DSS compliance of its own systems and data.
Where does an ordinary person keep money? Somewhere it is safe!
A strongbox is an excellent place to store cash, but strongboxes can have good locks or bad ones. Of course, a person will choose the one with a good lock and, if possible, with CCTV monitoring.
Large companies do the same: they keep their information in a secure strongbox, which in this case is a data center. Meeting all of the PCI DSS requirements plays the role of the good lock.
That is why the world-renowned data centers mentioned above are audited annually for PCI DSS compliance.
Let's look at an example that is very common in our practice.
A large retail chain must complete a certification of PCI DSS compliance.
It is worth noting that most retail chains must comply with the PCI DSS standard.
You can read more about it in our article about retail chains.
The retail chain's representatives contact our company. During the certification process, our auditors check its servers, and not only the servers but the devices as well. The conditions under which the servers operate, that is, the hosting environment, are necessarily checked too.
Let's assume that the retail chain uses external servers leased from a data center. If that data center holds a certificate of PCI DSS compliance, our auditors have no further questions for it: they review the data center's Attestation of Compliance and confirm that the services the retailer uses fall within its scope.
But what happens if the data center does not have a PCI DSS certificate?
Then our auditors must check for themselves whether the conditions of the data center's servers meet the PCI DSS requirements, which costs the client additional time and money.
Suppose the auditors find that the server maintenance does not comply with the PCI DSS requirements. In that case the retail chain will be asked to choose another data center that already holds a PCI DSS certificate.
A data center's PCI DSS certificate thus significantly simplifies the certification procedure for the customers that use its services.
Any data center is interested in steady business growth and in attracting corporate customers from the banking and retail industries. To attract such customers, data centers undergo annual PCI DSS certification.
A certificate of PCI DSS compliance makes a data center more attractive and competitive and, most importantly, demonstrates its concern for its customers.
Our company invites all data centers to complete certification of PCI DSS compliance.