The Green Sheet, Inc


The Green Sheet Online Edition

November 28, 2011  •  Issue 11:11:02


PCI: Target or shield

By Steve Robb

Since 2006 and the formation of the PCI Security Standards Council (PCI SSC) by the major credit card brands, identity theft and data breaches have continued to escalate - from large-scale incidents, impacting more than 130 million credit and debit cards, to an alarming and recent focus on small businesses.

According to the Verizon 2011 Payment Card Industry Compliance Report, roughly 80 percent of businesses in 2010 were not 100 percent compliant with the Payment Card Industry (PCI) Data Security Standard (DSS), an evolving standard managed by the PCI SSC to increase controls around cardholder data in an effort to reduce fraud.

To make matters worse, retailers and politicians often view breaches as an opportunity to attack the PCI DSS. Meanwhile, industry leaders and the PCI SSC forge onward with promoting adherence to and updating the data security standard. This article will explore some of the most common attacks on the PCI DSS and how merchants and the ISOs and acquirers that serve them can better understand, embrace and deploy the standard within their organizations.

Caught in the crossfire

Most criticisms of the PCI DSS are overly broad, demonstrating a lack of understanding of the standard or a failure to review even the most basic of its requirements. Others are very specific and, more often than not, are already being discussed by the PCI SSC or addressed in updates to the standard, such as PCI DSS 2.0. Let's explore some of the most common criticisms.

PCI - An evolving standard

While the list of complaints may seem lengthy, the truth is the PCI DSS has forced the payments industry, financial institutions, businesses of all sizes and even consumers to pay more attention to information technology (IT) infrastructure and personal data security, and notable progress has been made toward improved security.

Terms of agreement

There is a statement both sides can agree upon: PCI compliance has largely been adopted as a point-in-time event. To be truly effective in preventing hacks and breaches, merchants and the ISOs and acquirers that serve them must maintain a continually vigilant security posture through the use of layered security, internal policies, continual review of all transaction equipment and payment terminals, and guidance from PCI-compliance and security solutions vendors.

The following correspondence from a PCI-compliance provider to its customers demonstrates the importance of consistent application of and adherence to the PCI DSS:

Today, consumers are much more conscious of identity theft and protecting personal information than in the past. The PCI DSS provides a prescriptive baseline that improves security posture while providing a firm security foundation to build on. Meeting PCI compliance standards through constant and vigilant monitoring of business practices through the lens of the security standard is good for business.

By protecting against cardholder fraud, merchants are providing a valuable service and fulfilling an obligation to customers, as well as protecting one of their most important assets: their business reputations.

Steve Robb is Vice President of Products & Services for Atlanta-based ControlScan Inc., a provider of PCI compliance and security solutions that fit the specific needs of small- to medium-sized merchants. He can be reached at

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
