» Topic:  Credit Card Brokers Launch Security Effort

» Added by:  Matt Hines

» Date:  9.9.2006

  A handful of the planet's largest credit card companies have come together to create a new effort aimed at promoting common data security standards.

Backed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, the new group aims to bolster the security of credit card transactions. The effort was created specifically in response to the growing issue of identity fraud related to the use of IT-related schemes by criminals, including online phishing scams and fraud carried out as a result of corporate data breaches.

Researchers at security software maker McAfee said recently that the volume of identity thefts attempted in the United States will soon equal the number of adults living in the country.

Dubbed the PCI Security Standards Council, the industry consortium will oversee the development and evolution of the PCI (Payment Card Industry) Data Security Standard, first proposed in 2005, which is meant to help financial companies better protect their customers' personally identifiable data used in electronic transactions. The primary benefit of pulling together the industry leaders will be the additional backing given to a common security process for safeguarding credit card information, the group said.

As part of the launch, the PCI Security Standards Council also announced version 1.1 of the PCI Data Security Standard, which includes new recommendations regarding techniques that can be used to boost the security of transactional applications and business networks. The newest iteration of PCI adds new compliance requirements for companies handling credit card data.

The partners said that they collectively represent roughly one billion credit and payment card customers worldwide, who they contend will directly benefit from the group's work to lend consistency to the securing of electronic transactions.

"The payment brands that founded the Council are committed to ensuring the ongoing development of data security standards that are both efficient and effective," Seana Pitt, chairperson of the PCI Security Standards Council, said in a statement. "The creation of this council is a significant step forward in protecting cardholder information and it underscores the critical nature of this effort."

Members of the council are already involved in the development of a common security framework that is more "accessible and efficient" for companies who process credit card payments, including merchants, POS (point-of-sale) vendors and financial institutions. Among the specific goals of the effort is the creation of a global, industrywide technical data security standard for the protection of account holder information.

Other work will include efforts to reduce the amount of investment and time demanded of companies in meeting compliance demands of the group's Data Security Standard, along with creation of a list of technology providers and consultants capable of helping companies meet those terms. The PCI Security Standards Council will also push to improve training and certification processes related to a number of electronic transaction regulations, and launch a common forum through which the group's members can share information.

"Ensuring the security of electronic payments is of paramount importance to all stakeholders, not just the payment brands," Pitt's statement said.

The security council is also seeking input from other companies with a stake in the protection of transactional data and pledged that companies that participate in the initiative will be given the ability to contribute input on any drafts of potential changes to security standards. In addition, those organizations will be included in the election of the PCI Security Standards Council's Board of Advisors.

Source:
http://www.eweek.com/