Payment Card Industry issues new credit card security standards

The new version focuses on clarifying the intent and spirit of the standards

Cybersecurity may be at the top of mind for most in-house counsel, especially as the cost of cybercrime rose 6 percent in 2012. But it’s not just the C-suite that is feeling the pressure: Customers want to know that their data is safe, especially when it comes to online payment.

The regulating body of credit card standards agrees that credit card security has become an increasing problem. That’s why the Payment Card Industry (PCI) Security Standards Council has issued its latest PCI Data Security Standard and Payment Application Data Security Standard (version 3.0), aimed at making users’ credit card purchases even more secure.

The new version focuses on clarifying the intent of the standards, according to The Wall Street Journal. For example, rather than just containing a document that addresses the risk of each control the council has put in place, the new standard aims to make those particular risks more visible and easier to understand.

In addition, the updated standard hopes to highlight the increased responsibility for compliance from each member of the payment process, especially with more businesses relying on third-party credit card vendors than ever before. The council also hopes to better train employees on how to be secure with customers’ credit card information.

Bob Russo, general manager of the council, told the WSJ that even though cybercrime has become more sophisticated, the council’s three-year study of credit card fraud has revealed that most cybercriminals obtain credit card information the easy way. “What we’re finding is 90 percent to 95 percent of the breaches are related to default passwords,” he said.

The new standards become effective on Jan. 1, 2014. Rodolphe Simonetti, managing director of Verizon’s payment card industry services unit, told the WSJ that for 90 percent of the companies that handle credit card information, the new standards will have very little effect. But for 10 percent, especially those that use complex PCI systems, the impact might be significant, with increased costs and work toward compliance.

 
