The global top-five card-payment companies have issued new worldwide Payment Card Industry (PCI) security standards, and have formed a council to encourage their adoption. American Express, JCB, MasterCard Worldwide, Visa International and Discover Financial Services have unveiled the new PCI Data Security Standard (DSS) version 1.1.
According to the new body, the standard has been updated to provide
clarification to certain requirements and be able to deal better with
complex requirements such as data encryption.
PCI is a set of specifications that control the handling of credit card
information, and is required for all merchants who accept credit cards
or store credit information. Those that fail to comply can face fines or
lose their ability to handle credit cards. A recent survey by The Logic
Group found that only 3 per cent of UK businesses are currently
compliant.
But the new revised standard has already met with criticism. "Many
merchants had heard that this new standard was imminent, so they waited
to see whether it would be easier to conform to - which of course it
isn't," claims David Taylor, vice-president of data security strategies
at Protegrity.
"The need for security has not decreased over the past year. In fact,
the standard makes little mention of increasingly important issues such
as phishing."