When You Change Processors, What Happens To Your Data?
Written by Walter ConwayMay 19th, 2010
Have you ever wondered what happens to all your old card transaction data after you change your processor or acquirer? Most retailers have made such a change, and many make it a practice to rebid their card-processing contract every few years. After you move on, though, your data frequently doesn't follow you. So, PCI Columnist Walt Conway asks, "What are your responsibilities if this old data gets compromised?"
Are you still responsible under PCI Requirement 12.8 for managing a service provider when you no longer have a relationship with that provider but it still has your data? Aside from PCI considerations, if a service provider--think tokenization vendor or loyalty program manager—simply goes out of business, how will you get your data back?
This Story Is Only Available For Premium Subscribers. Click Or Login In Below To Read The Rest Of This Story.
Already a Subscriber? Login Here
Pages: 1 2
One Comment | Read When You Change Processors, What Happens To Your Data?
Leave a Reply
Readers, specifically those who want to comment on a story:
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
-Ed
May 28th, 2010 at 12:04 pm
Being both an online merchant and an insurer of this data, I find your comments are right on target. Your comment that the large retailer makes for better headlines than a third party processor is so true, but the truth is if the data is released, a good attorney is going to file suit against all parties involved.
It is the merchant that will be ultimately held liable for the loss of their customer data. However it is my understanding that if the merchant is no longer available to provide restitution, pay fines or penalties, then it could become the processor responsibility.