ABSTRACT

We will explore this concept in greater depth as we move forward in this book, but the concept of cardholder information touch points is critical to determining the enterprise approach to PCI compliance. Touch points refer to the specific areas of the enterprise where cardholder information is either stored, processed, or transmitted. For instance, at a merchant enterprise, a key touch point for cardholder information (among several others) may be the point-of-sale (POS) billing system, from which cardholder information is stored and/or transmitted to the acquirer. This system might consist of workstations (terminals), an application server, and a database. The touch points of cardholder information are all three of these systems, as cardholder information “touches” them at some point in time, even if ephemerally and/or in transit.