PCI Compliance Not Getting Any Easier (Yet)

Mercator Advisory Group by Mercator Advisory Group
January 7, 2013
in Analysts Coverage
The process of a merchant achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS) is something of a “rocky road,” according to a feature article in this month’s SC Magazine. The article’s main point is that, although the updated Standard released over a year ago brought additional clarity to the DSS, the current version is still too vague.

Security assessors and other vendors quoted in the article imply that the guidance may be loose enough for merchants to seek out assessors willing to validate compliance using lax criteria, effectively rubber-stamping merchants as compliant when they are not fully secure.

From the article:

Speaking to SC Magazine, Laurie Coffin, vice president of marketing at Quarri, says that because PCI DSS “just has guidelines and you have to figure out what they mean”, its interpretative format differentiates it from the code of other regulatory bodies.

“It depends how you interpret it and what auditor you end up with; they could be checking boxes,” says Coffin. “The guidelines detail firewalls and encryption, but the rest is about best practice. It is not like other regulations – achieving compliance depends on your auditor.”

Another passage details the changes that PCI DSS version 2.0 brought to the card data security landscape:

In short, PCI DSS 2.0 provides requirements and guidelines on how to store, process or transmit card data electronically. The key changes include the requirement of merchants to carry out a risk-based vulnerability assessment, while applications involved with credit card data – such as card readers, online shopping baskets and mobile payment systems – must undergo a lengthy and complex code review to uncover any security issues.

Also added is the requirement for tokenisation, to include an extra layer of security. For merchants, this reduces the scope of the PCI DSS assessment, as it uses random numbers and letters instead of storing highly sensitive primary account numbers. Specifically, it minimises risks and decreases PCI audit costs, as tokens are only stored on one secure external server, rather than having multiple parts within the payment chain.
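The scope-reduction argument in the passage above rests on one mechanical point: the merchant's systems keep only a random surrogate value, while the primary account number (PAN) lives solely in a separate vault. The following is an added illustration, not code from the SC Magazine article or from any PCI SSC publication, of what that separation looks like. The `TokenVault` class, the `tok_` prefix, the token length and the sample card numbers are all constructed for this example; the sample PANs are industry test numbers, not real accounts.

```python
import secrets
import string

# Constructed sample PANs: standard test-card numbers, not real accounts.
SAMPLE_PANS = ["4111111111111111", "5555555555554444"]

TOKEN_ALPHABET = string.ascii_letters + string.digits
TOKEN_LENGTH = 24  # assumption for this example; real vaults pick their own format


def luhn_valid(pan: str) -> bool:
    """Return True if `pan` is 13-19 digits and passes the Luhn check."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first 6 and last 4 digits (the usual display form); mask the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Hypothetical tokenization service: the only place a full PAN is stored.

    Tokens are random strings with no mathematical relation to the PAN, so
    a token leaked from the merchant cannot be reversed without the vault.
    """

    def __init__(self) -> None:
        self._token_to_pan: dict[str, str] = {}
        self._pan_to_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("refusing to tokenize a malformed PAN")
        # Return the existing token so the merchant can recognise repeat cards.
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            token = "tok_" + "".join(
                secrets.choice(TOKEN_ALPHABET) for _ in range(TOKEN_LENGTH)
            )
            if token not in self._token_to_pan:   # guard against collisions
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault (e.g. when forwarding to the acquirer) maps back."""
        return self._token_to_pan[token]


def merchant_record(vault: TokenVault, pan: str) -> dict:
    """What the merchant side keeps: token plus masked PAN, never the PAN."""
    token = vault.tokenize(pan)
    return {"token": token, "display": mask_pan(pan)}


if __name__ == "__main__":
    vault = TokenVault()
    for pan in SAMPLE_PANS:
        print(merchant_record(vault, pan))
```

The merchant's database, logs and application code only ever see the `token` and `display` fields, which is why the assessment scope shrinks; the vault host, by contrast, remains fully in scope and must be assessed as such.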

The lengthy article hints that a third version of the DSS may be in the offing sooner rather than later. The piece also contains commentary on the virtues of Level 1 compliance for payment providers, defines managed security service providers (MSSPs), and addresses the changing nature of scope determination, among other points.

Click here to read more from SC Magazine. Read more about PCI Compliance in our PaymentsJournal Strategy Session.
