Network Computing is part of the Informa Tech Division of Informa PLC

PCI And The Circle Of Blame: Page 10 of 11

Press for a federal breach disclosure law. At present, 40 of 50 states have laws that define how organizations must report a breach of sensitive data. A uniform federal law that includes rules regarding improper disclosure of credit card account information will reduce the hassle and expense of addressing the issue state by state--and give retailers no excuse if they get it wrong.

Provide more uniform Level 1 audit guidelines, including sample sizes for assessing individual retail stores. Individual store audits should be based on a total percentage of stores in addition to store configurations. To offset the cost of additional store audits, the card brands should provide incentives, such as lower transaction rates or rebates, to acquiring banks. The banks can pass these savings on to retailers.

Finally, make card brands share the cost of credit card fraud. At present, the card brands don't incur any of this financial burden. Issuing banks--the banks that provide credit cards to consumers--shoulder as much as 70% of the cost of fraud, including swallowing bogus transactions, canceling accounts, and issuing new cards. The remaining 30% is absorbed by merchants and acquiring banks. If the card brands have a financial stake in fraud costs, they will have a clear economic incentive to vigorously enforce credit card security measures.

PCI's Cast Of Characters
