PCI Compliance Is Critical to Consumer Protection and ID Authentication

Is there any industry standard more feared than PCI compliance? As with most industry standards, the rules seem overreaching, and the supporting industry of vendors ready to ensure compliance is plentiful. As cumbersome as the process may be, protecting consumer information, especially credit data, is critical to ensuring confidence in merchants and processors. PCI does a great job setting a standard for keeping credit card data out of the hands of thieves.

But what about merchant transactions after a credit card has been stolen? Let's say a merchant is hacked and large amounts of client credit data are compromised. Most of the impact discussed in the media is speculative. The hacked firm faces the PR nightmare, but the true impact happens when a thief uses the stolen information; the merchants and the people whose identities are stolen are the ones truly hurt. The long-term impact is on the small merchants, left to clean up chargebacks. Ask anyone whose identity has been stolen what a mess it is to clean up credit files.

PCI suggests using two-factor authentication, an established password plus something you have or something you are, to prove a user's identity. Using a third party to independently verify and identify your clients fits the PCI model and, frankly, is just good business. Identity Verification, such as out-of-wallet Knowledge-Based Authentication, is a great addition to two-factor authentication and has no impact on a solid PCI plan. Merchants and processors absolutely need to focus on keeping credit data in their systems safe, but don't forget about keeping fraudulent charges and data from being processed!

[Contributed by Jeff Davis, President and CEO]