SCOTTDALE, ARIZ.–The rise of more-advanced card data security measures and the emergence of mobile payments helped to drive record attendance here at the annual PCI Security Standards Council’s North American community meeting, whose attendees include payment-industry executives from 40 different countries.
In response to a growing list of data-security concerns and new technology, attendance at the fifth annual event jumped almost 200% since the organization’s first such gathering in 2006, Bob Russo, the council’s general manager, told attendees today during his opening address.
Turnout includes some 600 organizations, including merchants, payment card networks, financial institutions and payment-security executives, Russo noted.
Meeting the security challenges of mobile payments is of top interest to many attendees, Russo said. The best way to meet the council’s latest guidance for advanced data-security requirements is also a priority, he said (
“All you hear these days is (news) about mobile payments, and PCI comes up in conversations at all levels,” he said.
Eduardo Perez, global head of payment system risk at Visa Inc., told attendees during the same session that, while “there are a lot of unknowns” in emerging mobile-payments technology, “security is important to all the card brands, ... and we do not view security as being in competition with technology.” Perez also serves as chairperson of the council’s executive committee.
Despite the challenges new payment technologies pose, many merchants seem to welcome mobile payments and the possible adoption in the U.S. of EMV chip card technology as “a more secure” direction for payments, John Graham, vice president, global information assurance and risk, at First Data Corp. and a member of the council’s advisory board, told PaymentsSource in an interview today at the conference.
“Mobile payments, as a general concept, eventually will move us away from lower-tech card-based payment technologies,” Graham said, acknowledging it will be years before mobile-payment technologies supplant existing payment systems.
The present challenges merchants face include ensuring payment card data are secure at every stage of the payment process, and while PCI compliance is not foolproof against data breaches, merchants that pursue compliance are relatively protected, Graham suggested.
“Merchants constantly have the heartbeat of maliciousness within their systems, which means we can assume that at any moment merchants have a 3% to 5% exposure to data compromise,” Graham said. “That said, large merchants and processors have made huge strides recently in ensuring their systems are not vulnerable to major breaches.”
But every bulwark against fraud cannot guarantee merchants are safe from data breaches or compromises of sensitive cardholder data, Dae Kim, a PCI compliance executive with petroleum retailers BP Products North America, told PaymentsSource at the conference.
“Mobile and EMV might help eliminate some fraud, but criminals are always working to find new ways around these things,” Kim noted. “But we are also looking for any opportunities to minimize the fraud associated with magnetic stripe cards and card skimming.” Upgrading BP’s unattended payment terminals to accept EMV cards is likely to be “costly,” Kim acknowledged.
And while mobile payments may present new opportunities to meet customers’ payment needs, it also increases merchants’ burdens, Susan Wick, an Alaska Airlines information technology executive, told PaymentsSource.
“As mobile channels emerge, it means we have more and more channels to support with customer service and more data to protect on those channels. ... It is progress, but it is also more work,” Wick said.
What do you think about this? Send us your feedback. Click
