Oct 1, 2013

PCI is Here to Stay – But Forced to Adapt

Credit cards might disappear, but the primary security standard that protects them seems unlikely to suffer the same fate, even as the payments industry changes. According to a report from ISO and Agent, security experts and industry observers believe that the industry will always need the Payment Card Industry (PCI) data security standards, which safeguards what businesses must put in place to accept credit and debit cards. As long as cardholder data is being transferred, steps to guarantee the info is secure will need to be used. ISOs will always need to continue to facilitate this process for all their clients. While we have already established that PCI won’t be going away anytime soon, there will need to be changes made. EMV chip card acceptance will reduce fraud by encrypting cardholder data, which will lower the costs for merchants down the road. According to Gary Glover, director of security assessment for SecurityMetrics Inc, instead of meeting 250 validation requirements, a merchant might only have 20. The ever-changing arena of mobile payments is the next challenge for PCI. Keeping up with daily changes and new product offerings is no easy task. Businesses are urged to take as many security measures as possible. Even with new technology and procedures, fraud is never going away, it will change according to Bob Russo from PCI Security Standards Council. Russo believes security will pair technology (most importantly EMV) with PCI. PCI isn’t a perfect solution because many different business types are forced to comply with the same set of standards. With the payments industry changing so quickly, PCI standards will be required to adapt to assist businesses keep cardholder data safe.