March 16, 2006, 12:00 AM

PCI data-protection standard said to be too broad for retailer compliance

Retailer compliance with the Payment Card Industry Data Security Standard won’t become widespread until the card associations streamline the process, says Avivah Litan, vice president and research director at Gartner Inc.

PCI is the database protection standard mandated by Visa, MasterCard, American Express, Discover and Diners Club for merchants accepting credit and debit cards.

“The reason it’s not being adopted is that it’s way too broad in scope,” Litan says. “The standard reads like a ‘Best Practices in Security’ manual which, while laudable, goes beyond the immediate goal of protecting cardholder data.”

At the same time, the standard is too detailed in some areas and not detailed enough in others, she says. It goes into “microscopic detail” in some areas, for example mandating that users change their passwords every 90 days, a decision better left to the retailer, Litan says.

But there also is no prioritization of the 12 rules and 200 detailed sub-requirements of the standard. “You look at this standard and you just can’t do every single thing,” she says. “If it becomes unmanageable, then no one does it.”

Retailers who aren’t PCI compliant face penalties of up to $500,000 and could lose card-accepting privileges.

Only 17% of the 231 largest merchants have complied with the Payment Card Industry Data Security Standard, according to Visa. Another 75% are working toward compliance and 8% have submitted no reports.

Visa has no data on how many small to mid-size merchants are PCI compliant.
