11:41 AM

Latest PCI Standards To Cut Cardholder Footprint

PCI Council published its latest data security standards last week, with a focus on improving merchant awareness of security issues as they adopt new technologies.

The Payment Card Industry Security Standards Council (PCI SSC) published Version 3.0 of the Data Security Standard for securing payments data last week. The new standards aim to help merchants deal with security problems in an evolving payments landscape, according to Troy Leach, CTO of PCI SSC.

“Overall, we try to create these standards to be incorporated throughout the development of new systems, throughout the lifecycle of all the technology and processes they use,” Leach noted. “What we’ve seen from market research is that those organizations, that culturally incorporate security throughout their lifecycle of products, actually minimize the cost of assessments and in audits.”

The standards promote minimizing cardholder data footprint by incorporating measures like point-to-point encryption, a protocol for encrypting payment data as it transfers through networks, Leach said.

“If we can minimize where cardholder data is needed to be stored, processed and transmitted, then we can focus all the security concerns and controls on a smaller area of systems and networks,” Leach commented.

“The approach is that we can make the standards more user friendly, which we have [done] by increasing the education and awareness in the community,” added Bob Russo, general manager at PCI SSC.

The standards have been adjusted to make them more flexible for merchants using different payments methods, according to Russo. The new version of the standards also emphasizes the need for shared responsibility in payments security among all of the players involved in a transaction, he added.

“A lot of companies are outsourcing their payment data to payment processors and thinking that their obligation is done because they’ve outsourced it to someone who tells them that they’re PCI compliant. That is not the case,” Russo commented.

The latest version of the standards will help merchants be more involved in compliance and security throughout the year, rather than only being concerned with compliance when an audit is coming up, Leach explained.

Zarna Patel is a staff writer for InformationWeek's Financial Services brands, which include Bank Systems & Technology, Insurance & Technology and Wall Street & Technology. She received her B.A. in English and journalism from Rutgers University College of Arts and Sciences in ...

Comments
Jonathan_Camhi,
User Rank: Author
11/12/2013 | 3:24:01 PM
re: Latest PCI Standards To Cut Cardholder Footprint
There's a lot of growing complexity in the payments market with new players and technologies making inroads. So that point of everybody being on the same page is getting more important. It could take just a couple of weak links in the payments ecosystem to give a major opportunity for a data breach.
Zarna Patel,
User Rank: Apprentice
11/12/2013 | 2:32:34 PM
re: Latest PCI Standards To Cut Cardholder Footprint
Agreed! Merchants and payment processors must be on the same page.
Byurcan,
User Rank: Author
11/12/2013 | 1:52:50 PM
re: Latest PCI Standards To Cut Cardholder Footprint
Russo's comments about the need for vigilance even when a company is outsourcing its payment data are very true; there is a shared responsibility among all the players in the payment chain.