August 11, 2005, 12:00 AM

PCI data-protection standard is impractical and leaves e-retailers confused

Paul Demery

Managing Editor, B2B E-commerce

The credit card industry’s Payment Card Industry Data Security Standard is impractical and has left e-merchants confused about what steps they need to take for compliance, says Avivah Litan, vice president and research director at Gartner Inc.

PCI is the database protection standard endorsed by Visa, MasterCard, American Express, Discover and Diners’ Club.

Part of the problem lies in the fact that most e-merchants can’t meet all of the PCI standard’s 12 rules and 200 detailed sub-requirements and must put in place alternative security methods, Litan says. For example, small merchants might not be able to afford data encryption.

However, the standards don’t specify what alternatives could be used. “It’s like saying you have to only eat hamburger for lunch,” she says. “But if you can’t, what are the things you can eat? They don’t tell you that.”

The standards also are subject to too much interpretation by the third-party assessors that must validate whether a merchant is in compliance, according to Litan. “One assessor may say one thing, and another assessor may say another thing,” she says. “There’s just too much left open in terms of the standards not being defined.”

Many merchants also report that they haven’t yet been contacted by their merchant banks even though the deadline for compliance is past, Litan says. Merchant banks are required by Visa and MasterCard to monitor compliance schedules and are responsible for implementing the standards.

“The bottom line is that there are a lot more questions than answers (about the standards),” Litan says.

For its part, Visa continues to work with merchants to answer any questions about the standard, says Michael W. Yakel, vice president of new market development. “Merchant confusion can be solved by merchant education and dialog,” he says.
