The Standardization Vs. Customization Debate Continues for PCI DSS Compliant Products

When it comes to cloud services, security has many a times been the hot topic. This has been especially relevant within the payment card industry and the secure handling of payment card data. The Payment Card Industry Security Standards Council (the council) was formed in order to ensure a global en...

Full description

Bibliographic Details
Main Author: IMERI, DODONA
Format: Others
Language:English
Published: KTH, Industriell Management 2015
Subjects:
Online Access:http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-190963
id ndltd-UPSALLA1-oai-DiVA.org-kth-190963
record_format oai_dc
spelling ndltd-UPSALLA1-oai-DiVA.org-kth-1909632016-11-03T05:09:31ZThe Standardization Vs. Customization Debate Continues for PCI DSS Compliant ProductsengIMERI, DODONAKTH, Industriell Management2015CustomizationCloud Service Providercloud layerscloud servicesmass customizationPCI DSS compliantStandardizationretailthe payment card industryWhen it comes to cloud services, security has many a times been the hot topic. This has been especially relevant within the payment card industry and the secure handling of payment card data. The Payment Card Industry Security Standards Council (the council) was formed in order to ensure a global enhancement of payment card data. The council has issued requirements that all companies that handle payment card data are obliged to follow. However, the council has become much more strict as of recently, creating an urgency to become compliant. Thus, cloud service providers (CSP) have constructed standardized, PCI DSS compliant products so as to relief such customers. Since this emerging market is somewhat new, this thesis has researched how CSPs should relate to products within that market and the potential customer base. The case study for this research was conducted at Tieto, an IT service company, and its standardized, PCI DSS compliant product TiCC. The study collected empirical data in the form of qualitative interviews as well as quantitative telephone interviews with companies within the payment card industry. The study came to the conclusion that there is a demand that is not being met within the payment card industry related to products that aid organizations to become PCI DSS compliant. Standardized products have been constructed so as to fit financial customers while overlooking the demand of another large customer base, retail. Additionally, the products are being tweaked and features are being added, thus providing customization. CSPs are striving for both standardization as well as customization, something that has been considered counterproductive. The existing demand is thus not met with the current supply in the market, which has both multiple competitors and heterogeneity in market demand. The above mentioned thus leaves room for market seizure, to create own rules and thus making all competitors irrelevant. A potential way of doing that is through mass customization by standardizing higher levels of cloud computing. Student thesisinfo:eu-repo/semantics/bachelorThesistexthttp://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-190963application/pdfinfo:eu-repo/semantics/openAccess
collection NDLTD
language English
format Others
sources NDLTD
topic Customization
Cloud Service Provider
cloud layers
cloud services
mass customization
PCI DSS compliant
Standardization
retail
the payment card industry
spellingShingle Customization
Cloud Service Provider
cloud layers
cloud services
mass customization
PCI DSS compliant
Standardization
retail
the payment card industry
IMERI, DODONA
The Standardization Vs. Customization Debate Continues for PCI DSS Compliant Products
description When it comes to cloud services, security has many a times been the hot topic. This has been especially relevant within the payment card industry and the secure handling of payment card data. The Payment Card Industry Security Standards Council (the council) was formed in order to ensure a global enhancement of payment card data. The council has issued requirements that all companies that handle payment card data are obliged to follow. However, the council has become much more strict as of recently, creating an urgency to become compliant. Thus, cloud service providers (CSP) have constructed standardized, PCI DSS compliant products so as to relief such customers. Since this emerging market is somewhat new, this thesis has researched how CSPs should relate to products within that market and the potential customer base. The case study for this research was conducted at Tieto, an IT service company, and its standardized, PCI DSS compliant product TiCC. The study collected empirical data in the form of qualitative interviews as well as quantitative telephone interviews with companies within the payment card industry. The study came to the conclusion that there is a demand that is not being met within the payment card industry related to products that aid organizations to become PCI DSS compliant. Standardized products have been constructed so as to fit financial customers while overlooking the demand of another large customer base, retail. Additionally, the products are being tweaked and features are being added, thus providing customization. CSPs are striving for both standardization as well as customization, something that has been considered counterproductive. The existing demand is thus not met with the current supply in the market, which has both multiple competitors and heterogeneity in market demand. The above mentioned thus leaves room for market seizure, to create own rules and thus making all competitors irrelevant. A potential way of doing that is through mass customization by standardizing higher levels of cloud computing.
author IMERI, DODONA
author_facet IMERI, DODONA
author_sort IMERI, DODONA
title The Standardization Vs. Customization Debate Continues for PCI DSS Compliant Products
title_short The Standardization Vs. Customization Debate Continues for PCI DSS Compliant Products
title_full The Standardization Vs. Customization Debate Continues for PCI DSS Compliant Products
title_fullStr The Standardization Vs. Customization Debate Continues for PCI DSS Compliant Products
title_full_unstemmed The Standardization Vs. Customization Debate Continues for PCI DSS Compliant Products
title_sort standardization vs. customization debate continues for pci dss compliant products
publisher KTH, Industriell Management
publishDate 2015
url http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-190963
work_keys_str_mv AT imeridodona thestandardizationvscustomizationdebatecontinuesforpcidsscompliantproducts
AT imeridodona standardizationvscustomizationdebatecontinuesforpcidsscompliantproducts
_version_ 1718391166200709120