The Standardization Vs. Customization Debate Continues for PCI DSS Compliant Products

This is a Master's thesis from KTH/Industriell Management

Abstract:

When it comes to cloud services, security has many times been a hot topic. This has been especially relevant within the payment card industry and the secure handling of payment card data. The Payment Card Industry Security Standards Council (the council) was formed in order to ensure a global enhancement of payment card data security. The council has issued requirements that all companies that handle payment card data are obliged to follow. However, the council has recently become much stricter, creating an urgency to become compliant. Thus, cloud service providers (CSPs) have constructed standardized, PCI DSS compliant products to relieve such customers. Since this emerging market is somewhat new, this thesis has researched how CSPs should relate to products within that market and the potential customer base.

The case study for this research was conducted at Tieto, an IT service company, and its standardized, PCI DSS compliant product TiCC. The study collected empirical data in the form of qualitative interviews as well as quantitative telephone interviews with companies within the payment card industry. The study came to the conclusion that there is a demand that is not being met within the payment card industry related to products that help organizations become PCI DSS compliant. Standardized products have been constructed to fit financial customers while overlooking the demand of another large customer base, retail. Additionally, the products are being tweaked and features are being added, thus providing customization. CSPs are striving for both standardization and customization, something that has been considered counterproductive. The existing demand is thus not met by the current supply in the market, which has both multiple competitors and heterogeneity in market demand. This leaves room for market seizure: creating one's own rules and thus making all competitors irrelevant. A potential way of doing that is through mass customization by standardizing higher levels of cloud computing.
