Is there any industry standard more feared than PCI compliance? As with most
industry standards, the rules seem overreaching and the supporting industry
of vendors, ready to ensure compliance, plentiful. As cumbersome as the
process may be, protecting consumer information, especially credit data, is
critical to ensuring confidence in merchants and processors.
PCI does a great job setting a standard for keeping credit card data out
of the hands of thieves.
But what about merchant transactions after a credit card has been stolen?
Let's say a merchant is hacked and large amounts of client credit data are
compromised. Most of the impact discussed in the media is speculative. The
hacked firm faces the PR nightmare, but the true impact happens when a thief
uses the stolen information; the merchants and people whose identity is
stolen are truly hurt. The long-term impact is on the small merchants, left
to clean up charge-backs.
Ask anyone whose identity has been stolen what type of a mess it is
cleaning up credit files.
PCI suggests using two-factor authentication, an established password plus
something you have or something you are, to prove a user's identity. Using a
third party to independently verify and identify your clients fits the PCI
model and, frankly, is just good business. Identity verification, such as
out-of-wallet Knowledge Based Authentication, is a great addition to
two-factor authentication and has no impact on a solid PCI plan. Merchants
and processors absolutely need to focus on keeping credit data in their
systems safe, but don't forget about keeping fraudulent charges/data from being
[Contributed by Jeff Davis, President and CEO]