Payment security ‘a shared responsibility’

July 01, 2013

The payment card industry data security standard is something that various groups need to take seriously, including vendors, processors, acquirers and retailers, an expert has warned.

Bob Russo, general manager at the PCI Security Standards Council, explained that all aspects of the payment chain need to be aware of the risks they face.

In a piece for Retail Solutions Online , he emphasised that everyone needs to work together to make sure card data is being accepted, processed, transmitted and stored in the safest possible way.

However, having the right security programs in place is just one part of the issue – people are just as important in assessing just how data is dealt with as soon as it is received.

"This is why we need to be focused on helping retailers and their solutions providers work together to improve the security gaps we're seeing lead to compromise over and over again," Mr Russo wrote.

He used the example of choosing a business partner – it is, after all, essential to select someone you can trust as this will be critical to the success of an organisation.

A similar approach should be taken to selecting a security program, as making the wrong choice can have various ramifications further down the line.

Mr Russo pointed towards a number of common misconceptions that people make in relation to their systems, with one of them being that using a PCI DSS validated application is all they need to do to ensure complete security.

He emphasised that a misconfigured or poorly installed application can create all sorts of problems, as they need to be properly implemented and serviced to stay in line with PCI DSS regulations.

Business owners running online stores also need to make sure they are not falling foul of data protection legislation, as many of them believe it only applies to bricks and mortar stores.

As the expert highlighted, PCI applies to all systems and applications used in handling payments, no matter where they might originate from.

One of the main issues faced by retailers at the moment is their lack of understanding when it comes to payment security, Mr Russo stressed, which is why efforts need to be made to spread the word.

The PCI recently released new standards for PIN transaction security so that device manufacturers can offer more secure devices for accepting and processing payments.

These are just some of the changes that retailers will have to get to grips with in order to stay on the right side of the law.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *