May 31, 2007

Standards - PCI Compliance & Non-Compliance

Despite the June 2007 deadline, it is predicted that over $200B in consumer and business credit card transactions in 2007 will not comply with the Visa PCI standards. This is the US version of Chip & Pin overseas and began its life as 3DES.


Merchants slipping on PCI compliance
Over $200 billion in consumer and business credit card transactions made during 2007 will not comply with the data security standards managed by the Payment Card Industry (PCI) Security Standards Council, according to California-based security technology vendor ExaProtect.

Half of the world's largest merchants are still not compliant with the data security standards managed by the PCI, says ExaProtect, despite the anticipated June 2007 deadline. Furthermore, many retailers still do not have a timetable for achieving compliance.

This puts transactions with a value exceeding $200 billion potentially at risk, says the vendor.

But Jean-François Dechant, CEO of ExaProtect says the positive aspect is that $160bn of transactions per year now are secured to PCI standards as the industry moves toward compliance.

"These measures cannot totally eliminate hacking and other types of fraud," says Dechant. "However they do embody the best available security practice and technology, and will help to ensure a consistent level of security across the payments industry."

Last December Visa launched a $20 million incentive programme designed to increase merchant compliance with the PCI security standards.

As well as offering incentives Visa USA said that it would fine firms that don't comply with the regulations. Specifically for PCI compliance, acquirers will be fined between $5,000 and $25,000 a month for merchants that have not validated by 30 September 2007 and 31 December 2007 respectively.

The PCI standards council was established by US card issuers American Express, Discover Financial Services, MasterCard and Visa, along with Japan's JCB, to manage the ongoing development of PCI data security standards, which focus on improving payment account security throughout the transaction process.

Reference doc:
A good reference is the Version 1.1 PCI Security Standard released in September 2006 (available as a PDF download).

Posted by staff at May 31, 2007 06:50 AM