Credit Card Fraud: Why the Payment Card Industry (PCI) Fails Consumers

Wednesday, February 12th, 2014

A reporter asked me last week whether I think the PCI Standards have completely failed consumers and been proven useless — because of the recent breaches — and so should “Rest in Peace.” For those who don’t know about the PCI (Payment Card Industry), it has a “Security Standards Council” that mandates security requirements for every company taking credit or debit cards in the U.S. (at least cards issued by all the major banks). In order to accept cards, a business must be “PCI compliant.” The question is, how far do their standards go in terms of protecting us consumers? Some argue that PCI compliance is an unhelpful distraction.

[Image: ATM keypad] ATM with malware on it. Really!

But before we decide if their requirements are tough enough, let’s consider whether the rules are useful at all. This is an easier question to answer, because anyone in the security field prefers some security to no security. We tend to be in favor of anything that gets people thinking about it. We are also big fans of education, because people’s “security posture” (what they are doing about security as a consumer or a company) usually improves as they learn more about cybercrime and how challenged all of us in cybersecurity are to stop it.

When PCI standards were first implemented, they surely forced a lot of businesses to beef up their security. And that’s good, because too often security is neglected. Although it is essential, security competes with other business objectives, because it costs money and it doesn’t add profit. It only prevents loss, and that’s a pretty ambiguous benefit sometimes.