PCI

The council plays a critical role ensuring technology meets robust security needs as fraud risks rise, says MYPINPAD's Justin Pike.

Call centers have long had issues around the security of accepting card payments verbally; companies like Semafone and DataDivider are working to keep those centers PCI-compliant as the pandemic compounds the problem.

Payment technology developer MyPINPAD has upgraded its point-of-sale app to allow merchants to accept and authorize contactless payments through a consumer mobile device — and to potentially provide a less expensive option for PIN transactions for smaller merchants.

PCI has issued guidelines that are helpful, says PXP Financial's Koen Vanpraet.

In a major break from the Payment Card Industry security standards playbook, merchants and service providers using newer technologies would have the opportunity to rewrite network operation and testing procedures when achieving compliance.

It's a perplexing problem for those developing and instituting Payment Card Industry data security standards: Even as threats rise, the number of organizations that fully comply continues to drop.

South African investigators' revelation last week that fraudsters stole more than $3.2 million from the banking division of the country's post office more than a year ago served as a stark reminder that encryption doesn't mean a thing if the key is left unprotected.

The Payment Card Industry data security standard applies to organizations of all sizes, but has often been seen as an intro to data security for small-business owners who know more about cooking burgers than securing data.

Since the Payment Card Industry Data Security Standard was introduced in 2004, many merchants found compliance to be too arduous or costly and just skipped it, risking fines. But increasingly, other regulations like GDPR are changing the PCI DSS compliance equation.

Payments security firm MyPINpad has received certification from the Payment Card Industry Security Standards Council for its software-based PIN entry on Apple mobile and tablet devices.

In updating its point-to-point encryption standard, the PCI Security Standards Council says the resulting simplified validation process for component and software providers will result in more products available for cardholder data protection.

FIS has partnered with ControlScan to give its growing number of payment facilitators’ “sub-merchants” a streamlined path to comply with the Payment Card Industry Data Security Standard.

Blockchain and distributed ledger technology offer many of the basic elements that are essential components for PCI DSS compliance, writes Doug Wick, chief product officer at ALTR.

Managing compliance and breach risk make it harder to offer a good customer experience, but the cost of friction may be even higher, argues Bob Janacek, CEO of DataMotion.

Compliance can be complex and expensive, but failure puts merchants at risk, says FIME's Christian Damour.

Both are useful, but each has specialties in protecting different types of transaction processes, according to Rambus Payments' Andre Stoorvogel.

To stay ahead of the rapid development of payment applications, the Payment Card Industry Security Standards Council is making new software security standards and a validation program for vendors available later this year.

Collaboration is a critical part of how we prevent cyberattacks from turning into breaches that put consumer payment card data at risk, writes Lance Johnson, executive director of PCI SSC.

New Merchant Advisory Group chief John Drechny will push open standards for payments acceptance and security technology that doesn't impact customer experience.

Lack of preparation for a PCI DSS assessment usually results in unexpected and unnecessary expenses, as well as lost productivity among all parties involved, writes Marc Punzirudu, director of security consulting services at ControlScan.