August 13, 2010
-
News: New Rules For Payment Processors
Cardholders may not realize that there is another arm of the financial industry that regulates how credit card companies store card data and protect this information. The industry is known as the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a global debit and credit card information security standard defined by the Payment Card Industry Security Standards Council. This standard was created to help the electronic payment industry process card payments securely to help prevent credit card fraud. The standard applies to all organizations that hold, process, or exchange cardholder information. No surprise to the industry is the upcoming implementation of new PCI DSS rules that are expected to be handed down within the next few weeks.
Credit card companies have been preparing for the mandates that are aimed at protecting cardholders from fraud and identity theft which are expected to be announced soon. The Payment Card Industry Data Security Standards Council will be upgrading to the 2.0 version. While the average credit cardholder doesn't know what that means, lenders and major card networks have a clear understanding of the new expectations. These new mandates are not expected to make a significant amount of changes as far as the way lenders protect cardholder data, it more clearly defines requirements connected to specific areas of security.
One of the most significant changes is in the process of "scoping." Scoping enables credit card companies to determine the location of stored customer card information. It is likely a surprise to most people to learn that at times payment processing companies don't really know where their systems have stored this sensitive card information making it vulnerable to theft. It has been particularly concerning to the PCI council particularly since a number of major hacking incidents have occurred over the past year. As a result, it is expected that the council will be implementing new rules that will close the security gap.