Anti-Card Fraud Efforts Must Transcend PCI Compliance

Effective anti-payment card fraud efforts must go beyond compliance with PCI standards, according to Visa’s Ellen Richey. She notes best practices already exist that surpass technical PCI requirements, and they include guidelines and recommendations associated with the need for wider adoption of chip cards, tokenization, and point-to-point encryption. Richey also advocates limited storage of card data as another key fraud prevention measure, and says 90 percent of Visa’s merchants have certified that they no longer retain unnecessary information. Currently underway are initiatives to devalue the data routed through merchants’ systems, with one area of concentration being the EMV chip rollout, Richey says. “Today in data security, you need to be getting away from strictly building a fortress to protect data and pay more attention to what you do in case hackers should be in your environment,” she says. “Then, the second big item is to restrict the utility of the data in the hands of the retail industry.” In terms of EMV adoption, Richey says Visa has been striving to ensure the technology’s standards are deployable in the U.S. and customized to its market. A recent effort focuses on ensuring Visa has licensed the technology to guarantee all retailers can route payments in conformance with Dodd-Frank.

From “Going Beyond PCI Compliance”
BankInfoSecurity.com (06/03/14) Goldschmidt, Megan