It has been eight years since the card brands helped establish the PCI Security Standards Council. The intent was to educate merchants and provide a security framework for companies that process, store, or transmit credit card information. The ultimate goal was to make credit card transactions more secure, reduce credit card theft, and protect consumers' financial and personally identifiable information.

Eight years have passed and far too many breaches have occurred. Target, Neiman Marcus, and Michaels Stores are the latest breaches that have received national media attention, while many others go virtually unreported. One thing is certain: billions of dollars have been lost, and the costs associated with these losses are ultimately passed on to the consumer.

Eight long years and only a small fraction of merchants can say they are compliant at any given point in time and far fewer can say their systems are secure all year long. 

The PCI Council is not to blame for the security breaches, nor is it responsible for the lack of merchant adoption. The Council continues to raise industry awareness, educate merchants, and provide expert guidance. The Council was never intended to be a vehicle of enforcement, and this is where the industry fails consumers.

Consumers are not much better off today than they were eight years ago. Few consumers know anything about PCI Compliance and none know whether the companies entrusted with their credit card information are secure. There is no transparency in the industry. Consumers must be given the tools and information to make safe and secure purchasing decisions. is that tool!  Developed to provide transparency and information where it doesn’t currently exist.

The current system is broken.  The assessment process is broken and compliance enforcement is broken.  Every breach and every loss shines brightly on the shortcomings of this compliance experiment.   

We can fix the system and elevate consumer protection and confidence. We need a collaborative industry approach that continues to provide training, awareness, and guidance. We need merchants to adhere to security best practices. We need payment acquirers to police, enforce, and penalize those merchants that put consumer credit card data at risk before a breach occurs. Above all else, we need transparency, providing consumers with all the information necessary to make informed and smart choices.

Posted in: Hospitality