10/03/2010 -
Many merchants lament that achieving PCI compliance can be expensive. There is, however, a way to reduce compliance costs: minimizing PCI scope. Walt Conway, a QSA for 403 Labs, recently advised businesses in an article for StorefrontBacktalk.com to take a close look at their payment processing infrastructure, preferably with network diagrams that track cardholder data flow, to see where PCI scope can be reduced.
In many cases, merchants keep PAN data for chargebacks and refunds, and every system that stores it must then be protected under PCI DSS. Yet these processes do not necessarily require the PAN itself, so eliminating that storage shrinks the amount of data, and the number of systems, that need to be protected.
"Treat cardholder data as toxic," Conway wrote. "Seek out and eliminate cardholder data wherever and whenever you can. You likely will need to change some back-office procedures (e.g., processing chargebacks and refunds), and the inconvenience may increase your costs. But it may be cheaper than protecting cardholder data that is spread around the enterprise."
If the cost of reducing PCI scope seems too high, merchants should remember that the cost of a security breach can be astronomically higher. Heartland Payment Systems, for example, has so far paid US$129 million in expenses related to its well-publicized breach.