March 16, 2006, 12:00 AM

PCI data-protection standard said to be too broad for retailer compliance

Retailer compliance with the Payment Card Industry Data Security Standard won’t become widespread until the card associations streamline the process, says Avivah Litan, vice president and research director at Gartner Inc.

Paul Demery

Managing Editor, B2B E-commerce


PCI is the database protection standard mandated by Visa, MasterCard, American Express, Discover and Diners Club for merchants accepting credit and debit cards.

“The reason it’s not being adopted is that it’s way too broad in scope,” Litan says. “The standard reads like a ‘Best Practices in Security’ manual which, while laudable, goes beyond the immediate goal of protecting cardholder data.”

At the same time, the standard is too detailed in some areas and not detailed enough in others, she says. The standard goes into “microscopic detail” in some areas, for example, mandating that users change their passwords every 90 days, a decision better left to the retailer, Litan says.

But there also is no prioritization of the 12 rules and 200 detailed sub-requirements of the standard. “You look at this standard and you just can’t do every single thing,” she says. “If it becomes unmanageable, then no one does it.”

Retailers who aren’t PCI-compliant face penalties of up to $500,000 and could lose card-accepting privileges.

Only 17% of the 231 largest merchants have complied with the Payment Card Industry Data Security Standard, according to Visa. Another 75% are working toward compliance and 8% have submitted no reports.

Visa has no data on how many small to mid-size merchants are PCI compliant.
