Descoping Your Infrastructure for Improved PCI Compliance

For nearly a year the pandemic has brought many new challenges, including a heightened state of cyber threat. Lockdowns mean most of us have been at home, using self-serve methods to communicate, purchase items and pay bills. Some businesses have had to begin processing payments remotely from the homes of employees.

And hackers are exploiting these circumstances.

To make matters worse, Verizon’s latest research shows that the number of organisations maintaining their PCI compliance status is falling. Their research also found that financial data is the main target for hackers. A decrease in securing sensitive credit card data coupled with less secure payment processes makes for the perfect storm when it comes to data breaches.

With so much at risk, organisations need an effective solution.

The Solution: Descoping Your Infrastructure

Descoping your infrastructure from the requirements of PCI DSS is one of the most effective ways to protect your customers’ data.

In the context of the Payment Card Industry Data Security Standard, this translates to keeping customers’ card data out of company systems and minimising contact areas where data is processed or stored. This can be done by outsourcing payment processes to a compliant third party.

When people, processes, and technologies are in scope of PCI DSS, their compliance is measured by security controls. There are more than 360 controls in PCI DSS, and they can all be grouped into the 12 requirements of PCI DSS.

When your organisation descopes the payment processes, most of the 12 requirements (and correlating controls) can be removed.

Five key benefits of descoping 

1. Achieving PCI Compliance 

By bringing less data into your organisation’s environment from the start, descoping simplifies your journey to PCI compliance and makes it easier to maintain.

2. Cost Savings

Descoping saves your organisation money by (1) reducing the amount of training contact centre agents must receive and (2) minimising the number of technological solutions your organisation needs to successfully do business.

3. Fool-proof Security

Since descoping prevents sensitive data from ever entering your environment, would-be bad actors leave empty-handed. After all, they can’t steal that which isn’t there.

4. Happy Employees

With descoping, there’s no need for draconian clean room environments. Plus, the resulting simplified payment process means customer interactions are smoother and faster, which also leads to #5.

5. Happy Customers

Not only do customers get a better experience, they also rest easy knowing you’re safeguarding their data and building trust.

Ultimately, descoping means your organisation does not have to keep up with compliance regulations across each individual PCI DSS requirement.

Think of it as an item removed from your to-do list altogether.
