Is Protection of Cardholder Identity the Purview of PCI?

by Mercator Advisory Group 0

Loyalty Program

One speaker at the recent Northeast Acquirers’ Association annual conference seems to make a argument for additional coverage by the PCI guidelines that will help secure the card data ecosystem against intruders seeking personal information about cardholders above and beyond account numbers, PINs, expiration dates, and card verification values.

What’s more, protection of broader elements of PII is a business opportunity for ISOs and merchant acquirers. The speaker in question, Linda Grimm, Director of Consulting with Compliance Solutions and Resources, stated:

“Who has this data?” Grimm asked her audience rhetorically. “Everybody.”

Acquirers have lots of information on the merchants they service, she pointed out.
What’s more, 95% of breaches result in the theft of information not protected by PCI data security standards, she said.

Meanwhile, the U.S. transition to EMV smartcards is lulling some ISOs, agents and merchants into thinking the need for complying with PCI standards to protect data is simply going to evaporate because chip cards are more secure than magnetic stripe cards, Grimm asserted.

“No,” she said in reply to her own statement. “Don’t let anybody fool you” about less need for PCI after the industry institutes EMV.

Click here to read more from ISO&Agent.

Featured Content