Addressing Current PCI Compliance Challenges

How Does The Credit Card Industry Operate?

There are several major players in the credit card industry chain (Shift4 Corporation, 2008). At the center of the chain is the customer who gets a credit card from the issuer (the financial institution that issues the credit card to the customer). The customer presents the credit card to the merchant in order to purchase a service or product. The merchant transmits this information to the merchant bank (also called the acquirer) for subsequent transmission to the issuer, who either approves or declines the request. This decision is transmitted back the same chain to the customer. The acquirer charges the merchants a fee in the form of a discount rate for acting as the middleman and then gives the issuer and the card companies a designated percentage of this fee. A significant aspect of the work of credit card companies such as VISA is to design regulations for the use and acceptance of credit cards.

Customers shopping at brick and mortar stores have to swipe their credit cards at the point of sale (POS) system when purchasing goods. This captures the full magnetic track data on the credit card (cardholder name, credit card number or primary account number (PAN), expiration date, and other optional data). This is the most precious data for data thieves because it enables them to make counterfeit cards which can be used just like the real ones. On the other hand, e-commerce customers shopping on the Internet have to enter their names, credit card numbers, expiration dates and their security codes which are transmitted over the web to the acquirer (merchant bank) via the merchant. This is the second most important set of data for the card data thieves because it enables them to make fraudulent online purchases undetected.