The Green Sheet, Inc

The Green Sheet Online Edition

March 22, 2010  •  Issue 10:03:02


Research Rundown

PCI compliance audits are not cheap

According to a study by global technology provider Thales and research firm The Ponemon Institute, titled PCI DSS Trends 2010 - QSA Insights, large merchants who must undergo on-site Payment Card Industry (PCI) Data Security Standard (DSS) audits spend an average of $225,000 a year toward compliance.

The study also found that 10 percent of these merchants pay $500,000 or more a year.

The report indicated that 2 percent of merchants receiving on-site audits by Qualified Security Assessors (QSAs) fail their audit, and 41 percent would fail without the use of what are called "compensating controls" under PCI rules.

These controls involve certain stopgap measures outside strict PCI guidelines to address technical difficulties.

The study surveyed 155 QSAs worldwide about their customers' spending on annual on-site PCI audits, which the card brands require of large merchants (those processing over 6 million Visa Inc./MasterCard Worldwide transactions a year) to process electronic payments.

Fifty-four percent of the surveyed QSAs said their clients feel PCI DSS compliance is too expensive; 52 percent said most merchants are not proactively taking sufficient measures to handle data security.

Sixty percent said encryption is the most effective technology their clients use to protect consumer data.

Regarding the micromanagement of encryption processes, 41 percent of QSAs said controlling access to encryption keys is the most difficult task involved. Eighty-one percent recommend using a hardware security module for encryption and key management.

Not surprisingly, most QSA respondents said card data is under the greatest threat when stored in merchant networks and databases - an assertion long made by industry security analysts.

For more information, visit

Trends in mobile banking

According to a research paper by Celent LLC, Are Banks from Mars, Mobile Banking Vendors from Venus?, of the top 50 U.S. financial institutions, 20 offered mobile banking in 2008; 25 did in 2009, a jump of 25 percent.

While this would seem to foretell the continued adoption of mobile banking by other banks that don't presently use it, the report predicts its adoption will essentially plateau among large banks.

According to the report, none of the top 50 financial institutions without mobile banking in 2009 had adopted the service as of January 2010.

Of the remaining 25 institutions that do not offer it, almost all are either not truly "retail banks" - meaning they don't have branch networks or offer retail banking products - or are foreign owned.

The report also found that, among all commercial banks, savings institutions and credit unions in the United States, the 25 top financial institutions offering mobile banking account for 45 percent of the nation's mobile banking deposits.

Among financial institutions generally, mobile banking has yet to plateau - suggesting that the growth in this market will likely be greatest among smaller financial institutions. The total number of institutions offering mobile banking between 2007 and 2009 grew from 100 to 613; that number jumped to 696 in the first quarter of 2010.

For more information, go to

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
