May 31, 2007

Standards - PCI Compliance & Non-Compliance

Despite the June 2007 deadline, it is predicted that over $200B in consumer and business credit card transactions in 2007 will not comply with the Visa PCI standards. This is the US version of Chip & Pin overseas and began its life as 3DES.

Merchants slipping on PCI compliance

Half of the world's largest merchants are still not yet compliant with data security standards managed by the PCI, says ExaProtect, despite the anticipated June 2007 deadline. Furthermore, many retailers still do not have a timetable for achieving compliance. This puts transactions with a value exceeding $200 billion potentially at risk, says the vendor.

But Jean-François Dechant, CEO of ExaProtect, says the positive aspect is that $160bn of transactions per year now are secured to PCI standards as the industry moves toward compliance.

"These measures cannot totally eliminate hacking and other types of fraud," says Dechant. "However they do embody the best available security practice and technology, and will help to ensure a consistent level of security across the payments industry."

Last December Visa launched a $20 million incentive programme designed to increase merchant compliance with the PCI security standards. As well as offering incentives, Visa USA said that it would fine firms that don't comply with the regulations. Specifically for PCI compliance, acquirers will be fined between $5,000 and $25,000 a month for merchants that have not validated by 30 September 2007 and 31 December 2007 respectively.

The PCI standards council was established by US card issuers American Express, Discover Financial Services, MasterCard and Visa, along with Japan's JCB, to manage the on-going development of PCI data security standards, which focus on improving payment account security throughout the transaction process.