PRINCETON, NJ – As the Payment Card Industry Security
Standards Council (PCI SSC) prepares to update its PCI Data Security Standard
(PCI DSS), what’s clear is that retail breaches continue to expose PCI security
weaknesses throughout the world, Bank Info Security reports.
"The criminals are still finding it too easy to break
into everybody's systems," said the council’s Jeremy King, who heads PCI
SSC in Europe. "Poor passwords or weak passwords are the No. 1 challenge
we all have to address. This is not low hanging fruit - this is fruit lying on
the floor waiting to be picked up."
King said network attacks, though, are just one of many
challenges that card issuers and merchants are facing. Mobile and emerging
e-commerce transactions are posing increasing PCI compliance challenges, even
where chip and PIN transactions are used.
"We are seeing increased interest in mobile commerce,"
King said, and retailers have to be mindful of card data risks.
"EMV is great at securing face-to-face transactions and
preventing face-to-face fraud. But it does not cover card-not-present
transactions," King said, such as those conducted through e-commerce sites.
While end-to-end encryption addresses
card-not-present transactional security risks, King said that merchants must
consistently ensure they are not inadvertently storing card data or
transmitting data in a way that opens cardholders to new risks.