Posted by: Margaret Rouse
Compliance, PCI DSS, Security
The poker game continues. Get set for an all-nighter.
David Taylor, Raising the Bet: A National Payment Security Standard
Friday’s WhatIs.com Word of the Day is Payment Card Industry Data Security Standard, better known as PCI DSS. If you’ve ever had your debit card replaced without your asking, you’ve been affected by PCI DSS. The standard is managed by a consortium of credit card companies. David Taylor explains how (and why) merchants are hooking up to promote a new standard.
From its humble beginnings as an effort to rationalize and harmonize the Visa, MasterCard and AMEX security guidelines and turn them into a single standard, the PCI SSC continues to raise the bet by launching more and more standards to address different aspects of the payment security business: Payment application security (PA-DSS), PIN entry device security (PCI-PED), Hardware security modules (PCI HSM), Kiosk and ATM security (PCI UPT), etc.
Even though these standards are emerging through a participatory process, some merchants and vendors clearly see this game as “rigged” – run by the card networks, enforced by the card networks, with fines imposed by the card networks. The merchants and vendors may be allowed to offer advice; they are not “players” in the game. But now this could be changing.