BankThink

Payment security requires collaboration and participation from all parties

Three decades ago, payment fraud was simpler: a one-to-one relationship in which the criminal stole a physical card and used it in a physical store.

Now criminals steal millions of credentials at a time — they are far more sophisticated and globalized — and cybercrime is big business. To counter these threats, a layered approach based on people, process and technology is most effective, especially as the scope and breadth of the ecosystem increases.

The mission of the PCI Security Standards Council is to help secure payment data by developing industry security standards and programs. That mission hasn’t changed in the 12 years since the council was created.


We started with one standard, the PCI Data Security Standard. The DSS is the foundation and embodies the connective philosophy of the Council: to protect payment data. The threats have changed and so have the standards. Today there are 12 standards, along with supporting programs, training and resources covering the full payment life cycle.

We’ve learned that responding to today’s modern attacks requires not only strong security standards but also shared knowledge from security professionals who are on the front lines of protecting payment data. Collaboration is a critical part of how we fight cyberattacks and prevent them from turning into data breaches that put consumer payment card data at risk. Everyone — government, consumers, merchants large and small — benefits from working together to stop cybercriminals.

So, where do we go from here? Market feedback and global collaboration are critical to moving payment security forward. PCI’s North America Community Meeting is a key feedback forum for the council. It is an opportunity to inform us about industry successes and challenges, ideas and suggestions regarding PCI standards and supporting programs.

I encourage you to use one of the other ways to get involved and provide your feedback and expertise. No single entity can solve these issues. We must rely on global collaboration across a variety of industries to ensure the security of payment data now, and into the future.
