Thursday, November 09, 2006

PCI and Credit Card Security

The Payment Card Industry (PCI) Data Security Standard was developed jointly by Visa and MasterCard to set standards for card issuing companies.

All merchants wanting to do business with the two cards must meet the PCI standards. Before PCI, it was up to merchants and issuers to implement security. What resulted was a hodgepodge of different requirements without a unified or standardized approach. PCI is meant to be that single standard.

There's a great web site that summarizes the standard and has a lot of links to resources about credit card security overall.

I like the standard and find that it's pretty complete. But, on the other hand, it's heavily geared toward standard bread-and-butter network security practices that any company should already be implementing.

Fraud still continues to be the biggest threat to credit card security, and PCI doesn't really address that. Fraud can only be partially stopped by technical measures. Network security is only one part of that, because fraud is a people -- not a technical -- problem. But, hey, I'm not complaining. It's still the bare minimum that companies should be doing to protect their card customers.


Anonymous said...

Security is very important for such business today. Credit companies spent much money to protect themselves and their clients from online scams. But, unfortunately, it is not enough to stop ‘em.

2:00 AM  
