Feature

STOPPING FRAUD AT THE SOURCE

What’s so special about a payment card transaction, asks Steve Wilson at VISA?

Steve Wilson from Visa

UNLIKE most other forms of payment, a card transaction is purely electronic. There is no physical exchange, just the transfer of pure data. From this perspective, the function of the card is to marshal together all of the data necessary for a transaction.

Today’s criminals are very aware of this fact, argues Steve Wilson from Visa.

In the early days, methods were rudimentary and criminals focused on the physical card. As the industry matured, so too did the criminals. Their focus shifted to the data stored and encoded on the card, hence the rise in skimming and counterfeit crime.

Now the focus is shifting again. Why bother with the card at all? Why not concentrate on all of those times and places where the necessary data is stored, processed or transmitted?

In other words, criminals are aiming to intercept or obtain data from within the payments infrastructure. By doing so, they can commit fraud on a truly industrial scale. This is why data security has become such an important issue.

In recent years there have been some spectacular cases of mass data compromise. Many of the biggest and most high-profile cases may have been perpetrated in the USA, but this is most definitely a global issue – and it continues to be a definite priority for Visa Europe.

TOUGH ON COMPLIANCE – ALIVE TO THE REALITIES

In response to the threat of data compromise, Visa worked with other card schemes to develop the Payment Card Industry Data Security Standard (PCI DSS) – and an independent organisation, the Payment Card Industry Security Standards Council (PCI SSC), was set up to manage its evolution.

Given the severity of the issue, there is also a global, industry-wide mandate in place for every organisation that processes, stores or transmits sensitive cardholder data to achieve PCI DSS compliance.

At Visa Europe we recognise that:
• Irrespective of the issues faced by the payments industry, data security has become a hot topic. In the UK, for example, government research reveals that more than two-thirds of consumers worry about the security of personal information.
• There is a general expectation – backed up by a legal requirement – for every business to protect its customers and safeguard any information relating to them. PCI DSS can really help companies live up to this responsibility.
• There is a high degree of interdependency in the payments business, and this means that any participant is dependent on the level of security deployed by every other.
• Based on market-driven scale economies, many service providers are managing increasingly large databases – meaning that a single security breach could affect millions of consumers.

At the same time, we are sensitive to business realities. We appreciate that for many retailers and service providers achieving (or retro-fitting) PCI DSS compliance can be a significant undertaking.

EXPERT SUPPORT AND GUIDANCE

Visa always saw the benefit of a truly independent standard, which evolves over time, in which every participant has a voice. Hence PCI SSC involves representatives from the retail sector, the security industry and the vendor community, as well as financial services.

So rather than dictate the precise nature of the standard, we provide support and guidance to the marketplace, help to identify and mitigate the most urgent risks, and work co-operatively with the industry to ensure that PCI DSS is implemented as widely and as quickly as possible.

We have a team of technical experts based in Europe and we have a representative on the board of PCI SSC to ensure that European stakeholders have a voice in the evolution of the standard.

PCI DSS brings definite business benefits. In particular it can:
• Identify any risks in the way data is stored or transmitted
• Provide a clear path of action and remediation to address any risks
• Ensure that service providers or third parties are not putting any other business at risk
• Demonstrate to customers that a business is serious about its payment and account information

Also, by minimising the risk of data compromise, PCI DSS can protect against:
• Financial liabilities
• The risk of investigative and legal costs
• The risk of invasive media attention

The fact is that, as card acceptance technologies and techniques have evolved, payment card fraud has become more sophisticated. Every business that stores or transmits cardholder account data is a potential target.
24 • RETAIL FRAUD