Change search
ReferencesLink to record
Permanent link

Direct link
The Standardization Vs. Customization Debate Continues for PCI DSS Compliant Products
KTH, School of Industrial Engineering and Management (ITM), Industrial Economics and Management (Dept.), Industrial Management.
2015 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

When it comes to cloud services, security has many a times been the hot topic. This has been especially relevant within the payment card industry and the secure handling of payment card data. The Payment Card Industry Security Standards Council (the council) was formed in order to ensure a global enhancement of payment card data. The council has issued requirements that all companies that handle payment card data are obliged to follow. However, the council has become much more strict as of recently, creating an urgency to become compliant. Thus, cloud service providers (CSP) have constructed standardized, PCI DSS compliant products so as to relief such customers. Since this emerging market is somewhat new, this thesis has researched how CSPs should relate to products within that market and the potential customer base.

The case study for this research was conducted at Tieto, an IT service company, and its standardized, PCI DSS compliant product TiCC. The study collected empirical data in the form of qualitative interviews as well as quantitative telephone interviews with companies within the payment card industry. The study came to the conclusion that there is a demand that is not being met within the payment card industry related to products that aid organizations to become PCI DSS compliant. Standardized products have been constructed so as to fit financial customers while overlooking the demand of another large customer base, retail. Additionally, the products are being tweaked and features are being added, thus providing customization. CSPs are striving for both standardization as well as customization, something that has been considered counterproductive. The existing demand is thus not met with the current supply in the market, which has both multiple competitors and heterogeneity in market demand. The above mentioned thus leaves room for market seizure, to create own rules and thus making all competitors irrelevant. A potential way of doing that is through mass customization by standardizing higher levels of cloud computing.

Place, publisher, year, edition, pages
2015. , 77 p.
Keyword [en]
Customization, Cloud Service Provider, cloud layers, cloud services, mass customization, PCI DSS compliant, Standardization, retail, the payment card industry
National Category
Economics and Business
URN: urn:nbn:se:kth:diva-190963OAI: diva2:953913
Available from: 2016-08-19 Created: 2016-08-19 Last updated: 2016-11-02Bibliographically approved

Open Access in DiVA

fulltext(1545 kB)7 downloads
File information
File name FULLTEXT01.pdfFile size 1545 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Industrial Management
Economics and Business

Search outside of DiVA

GoogleGoogle Scholar
Total: 7 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 43 hits
ReferencesLink to record
Permanent link

Direct link