PCI DSS And The Value To The Consumer
I hosted a CIO roundtable and dinner last night and the topic was PCI DSS (Payment Card Industry Data Security Standard). While this has been around for a while, it is only now becoming an issue for companies to become compliant. In essence it is a set of policies and procedures which are designed to optimize the security of transactions, primarily credit and debit card transactions. The idea is that securing the information makes it harder for criminals to use it for fraudulent purposes. Comparisons were made to the introduction of chip and pin - also to reduce fraud. However, from my perspective (and this was the question I asked), how does the consumer relate to PCI DSS… after all we all know and ‘love’ chip and pin.
There wasn’t an obvious answer - if your credit card is cloned then you can seek recompense from the issuer, so why do you (as a consumer) need to worry? I think the answer is that you don’t - if there is a data breach then you might stop using the shop, you may get a new credit card but you won’t stop using credit cards. (It’s a different story if you used a debit card.) However, it does drive down confidence - which will curtail spending, which in turn will curtail growth, which is not good for anyone.
PCI DSS can be used as the lever to begin implementing a more comprehensive information protection strategy - and the opportunity to show customers that you do care about their information is no bad thing.


