PCI SSC warns European merchants to improve card security

PCIThe Payment Card Industry Security Standards Council (PCI SSC) warned at its recent Berlin community meeting that merchants throughout the EU should improve their payment card security.

Europe’s use of EMV (Chip and PIN) cards, which require two-factor authentication, has significantly reduced the amount of card-present fraud, but card-not-present fraud remains a problem, especially for e-commerce transactions. Critical information – like cardholders’ names and cards’ expiry dates – remains relatively easy to acquire online, even in EMV messages, so the need for robust security practices persists.

The PCI SSC’s European director Jeremy King commented: “Criminals are much more focused and much more efficient today… and PCI is more important than ever – as a community we must continue to work together to secure the future of payments.”

The PCI SSC administers the PCI DSS (Payment Card Industry Data Security Standard), a mandatory set of payment security controls for organisations that store, transmit or process cardholder data.

Over the next few months, the PCI SSC will work with banks to draw up a list of payment providers that comply with the PCI DSS. E-commerce merchants will then be able to benefit from the expertise of approved payment service providers without having to bear the responsibility of securing e-commerce payments on their own.

The PCI SSC also plans to release guidance for acquiring banks on providing services for e-commerce merchants. The main aim of the new initiative is to help smaller merchants, but organisations of all sizes will benefit from banking services that automatically offer strong security for online transactions.

Following its Berlin meeting, the PCI SSC also updated its guidance for merchants who accept mobile payments and its guidance for developers. Both can be found in the PCI SSC Documents Library.

PCI DSS A Pocket GuideIf your organisation accepts, or is planning to accept, online or mobile payments, then you need to ensure that your security posture complies with the PCI DSS.

For more information, please read our comprehensive introduction to the Standard, PCI DSS: A Pocket Guide >>

 

For further information on the PCI DSS, you can also download and read our free green paper on the subject.ISO27001GP

Leave a Reply

Your email address will not be published. Required fields are marked *