The Future of PCI

The head of PCI SSC in Europe acknowledges that retail breaches have exposed PCI security weaknesses throughout the world.

May 21, 2013

PRINCETON, NJ – As the Payment Card Industry Security Standards Council (PCI SSC) prepares to update its PCI Data Security Standard (PCI DSS), what’s clear is that retail breaches continue to expose PCI security weaknesses throughout the world, Bank Info Security reports.

"The criminals are still finding it too easy to break into everybody's systems," said the council’s Jeremy King, who heads PCI SSC in Europe. "Poor passwords or weak passwords are the No. 1 challenge we all have to address. This is not low hanging fruit - this is fruit lying on the floor waiting to be picked up." 

King said network attacks, though, are just one of many challenges that card issuers and merchants are facing. Mobile and emerging e-commerce transactions are posing increasing PCI compliance challenges, even where chip and PIN transactions are used.

"We are seeing increased interest in mobile commerce," King said, and retailers have to be mindful of card data risks.

"EMV is great at securing face-to-face transactions and preventing face-to-face fraud. But it does not cover card-not-present transactions," King said, such as those conducted through e-commerce sites. 

While end-to-end encryption addresses card-not-present transactional security risks, King said that merchants must consistently ensure they are not inadvertently storing card data or transmitting data in a way that opens cardholders to new risks.
