Addressing Current PCI Compliance Challenges

Benjamin Ngugi (Suffolk University, USA), Glenn Dardick (Longwood University, USA) and Gina Vega (Salem State University, USA)
DOI: 10.4018/978-1-60960-200-0.ch009

Abstract

This study reviews the progress made by the introduction of the Payment Card Industry (PCI) compliance rules in the USA. Available data indicate that compliance has grown but several issues remain unresolved. These are identified within, along with an analysis of the feasibility of several solutions to the challenges that have hampered compliance with the Payment Card Industry rules. These solutions are evaluated by the extent to which they can help the merchants meet their business objectives while still safeguarding the credit card data. The first solution involves upgrading the current PCI standards as suggested by the PCI council. The second solution would require moving the burden of credit card information storage to the credit card companies and member banks, as suggested by the National Retail Federation. A third option reflects a socially responsible approach that protects the interests of all stakeholders. The study concludes by suggesting the way forward.
Chapter Preview

How Does The Credit Card Industry Operate?

There are several major players in the credit card industry chain (Shift4 Corporation, 2008). At the center of the chain is the customer, who gets a credit card from the issuer (the financial institution that issues the credit card to the customer). The customer presents the credit card to the merchant in order to purchase a service or product. The merchant transmits this information to the merchant bank (also called the acquirer) for subsequent transmission to the issuer, who either approves or declines the request. This decision is transmitted back along the same chain to the customer. The acquirer charges the merchants a fee in the form of a discount rate for acting as the middleman and then gives the issuer and the card companies a designated percentage of this fee. A significant aspect of the work of credit card companies such as VISA is to design regulations for the use and acceptance of credit cards.

Customers shopping at brick-and-mortar stores have to swipe their credit cards at the point of sale (POS) system when purchasing goods. This captures the full magnetic track data on the credit card (cardholder name, credit card number or primary account number (PAN), expiration date, and other optional data). This is the most precious data for data thieves because it enables them to make counterfeit cards which can be used just like the real ones. On the other hand, e-commerce customers shopping on the Internet have to enter their names, credit card numbers, expiration dates and their security codes, which are transmitted over the web to the acquirer (merchant bank) via the merchant. This is the second most important set of data for the card data thieves because it enables them to make fraudulent online purchases undetected.
