September 7, 2006 6:16 PM PDT

Credit card companies form security council

Five major credit card companies have teamed up in the interest of creating better security.

American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced Thursday the creation of an organization to develop and maintain security standards for credit and debit card payments. It's the first time the five brands have agreed on a single, common framework.

The newly formed Payment Card International (PCI) Security Standards Council will manage the PCI Data Security Standard, first established in January 2005 with the intention of making its implementation more efficient for all parties involved in a payment card transaction. That includes merchants, payment processors, point-of-sale vendors, financial institutions and more than a billion card holders worldwide.

The companies have come together despite being in competition with each other because they say ensuring better security will benefit everyone.

"First of all, it's to protect the information of our mutual customers and to make the process of data security compliance easier," said Rob Tourt, vice president of network services for Discover.

Having a single data-security standard is a critical issue for the entire industry and will simplify the process, said Brian Buckley, Visa's senior vice president of international risk management.

"Our view is that this is first and foremost an important initiative to get data security in place for payment cards," he said.

Having the common accepted set of rules should foster broader compliance, said Bruce Rutherford, MasterCard's vice president of payments. Those rules include instructions on proper data encryption, common technical standards and security audit procedures.

The first action of the new council was to update the PCI security standard, which was promised in May. The revision gives instructions for how to implement the new standards and clarifies language that was previously considered vague. For example, terms such as "periodically" and "regularly" were swapped for definite deadlines like "annually" or "quarterly" where appropriate. A statement released by the newly formed council said the revisions were the result of feedback from vendors, merchants and payment processors.

See more CNET content tagged:
Discover Financial Services, American Express Co., credit card company, security audit, data security

4 comments

Join the conversation!
Add your comment
Its about time...
Dear Credit Card Industry

Its about time since I have been monitoring this security issue for awhile and the government FFIEC needs help from the industy which is what it has been requesting all along. It sets guidelines but then expects the industry to change without specific direction left or right.

Anyway, the ID theft charge card platform for all cards has to be outside the charge card industry with a third party agency which has the solution so that all the competing platforms have a level playing field.

The consumers, remember us, we cannot beat the cyber thieves while the card serving platforms are simultaneously fighting amongst ourselves.

Therefore, the card platforms working together gives that third party agency a step up whomever they may be. Thats what I think anyway.

Janet McCall
Posted by Iohagh (54 comments )
Reply Link Flag
Put the Customer First
"Our view is that this is first and foremost an important initiative to get data security in place for payment cards," he said.

Put the **customers** (card users) first. It's that simple.

Unfortunately, the quote above does not specifially say that. Instead, I fear this will be another round of, "How much are we willing to suffer in losses to improve security? What's the cost-benefit analysis tell us?"

In the end this could be just another effort to halt the Fed's from taking action (after congress tires of hearing from angry constituents).

mark d.
Posted by markdoiron (1138 comments )
Reply Link Flag
Just so long as it's ok with you all that we merchants now have to pay an additional $85 per year (some of the big-boys pay $85 per quarter) and that new cost/expense WILL be passed on to the customers resulting in higher prices for EVERYTHING we buy.
Government inflicted price inflation. Bad for the merchant, bad for the customer, bad for America.
Posted by halebobbdotcomslashraving (3 comments )
Link Flag
What happened to ANSI?
ANSI has for years been the major banking, financial, trading and various other banking related business standards for years.

Why re-invent the wheel for credit card co's when it could have been done within ANSI?

FWIW
Posted by wbenton (522 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.