Currently, each of the five credit card brands has its own implementation, auditing and enforcement practices, and it’s a huge challenge for businesses to keep up with all of them, Litan said. What’s really needed, she said, is a way to rationalize the implementation of the PCI standard.
Whether such rationalization will ever come is anyone's guess. However, at this point, even without rationalization, the PCI standard is likely to become a bit less onerous and a bit more helpful for those who are actually responsible for implementing it.
Tuesday, May 29, 2007
Additional Stakeholders to Get Voice In Defining Payment Card Industry Data Security Standard
According to this article from Computerworld, future developments in the Payment Card Industry Data Security Standard (PCI DSS) will be decided not only by credit card companies, but also by an advisory board made up of other stakeholders, such as representatives of major retailers. Retailers, unsurprisingly, see this as a positive development, given that being PCI compliant can be a significant burden, and those who need to achieve that compliance (e.g., retailers) would like to have some say in how the standard develops. However, even with the new advisory board, there are still some serious complaints about the standard. For example, Avivah Litan, an analyst at Gartner, explained that