The State of PCI Compliance 2007

Ellen Messmer has written an excellent article in the 1/25/07 edition of Network World entitled “Credit Card Industry Struggles to Enforce Security Standard.”

Rob Tourt, vice president of network services at Discover, comments on the state of PCI compliance and admits that compliance is not widespread. “All the merchants are required to comply with the PCI data-security standards or face fines.”

Ms. Messmer writes that “Visa’s new approach calls for levying punitive fines on banks that fail to get their merchant customers to comply with the PCI standard….”

A very interesting fact is that, according to Visa, only 36% of level 1 merchants and only 15% of level 2 merchants are PCI compliant. Visa levied $4.6 million in fines in 2006.

Perhaps the most interesting part of the article is Ms. Messmer’s assessment that “The frequency of news about data breaches could soon put the card-processing business community in the hot seat with Congress. The new chairman of the House Financial Services Committee, Barney Frank (D-Mass.), voiced dismay earlier this month over the TJX breach, and his aides suggested he might consider legislation aimed at payment-card protection.”
