PCI Security Standard Area

PCI Standard: The background

The Payment Card Industry (PCI) Security Standard was introduced in June 2005 to
try to improve levels of security for consumers and to protect them against the
growing threat of ID theft. The Standard, brought in by card schemes MasterCard
and Visa, means that any organisation that accepts payments by credit card must
comply with a series of new rules and regulations. The Standard is set to
become enforceable by 30 June 2007, after which time, card schemes say that
non-compliant companies may start facing large, but as yet undefined,
fines.

What's the problem?

tif. retail subscribers - all major high street names - are finding it increasingly
difficult to build a business case to implement the new Standard - especially
as it comes hot on the heels of Chip and Pin. Subscribers are struggling due to
a lack of clear guidance and direction from the card schemes and remain
confused about exactly how the Standard should be implemented and the penalties
for non-compliance.

What do we want?

The Corporate IT Forum is calling for the companies responsible for devising the PCI Standard -
MasterCard and Visa - to reach a consensus and give a clear and unambiguous
timetable for compliance. This will enable merchants to make a business case,
budget properly, plan appropriately and know what they have to do by when.
The Forum is also urging the card schemes to develop clearer
channels of communication between themselves and the acquirers to ensure that
all parties understand their responsibilities.
The Forum has been working hard on behalf of its retail
subscribers since 2005 to open up lines of communication between the card
schemes, the 'acquirers' (who process transactions) and the Qualified Security
Assessor companies (QSAs) authorised to audit compliance.

Do you want to be part of it?

Sign in with a few of your details to find out subscribers' current concerns and issues
in further depth.
"All we want to
know is what we have to do by when and what will happen if we don't do it. At
the moment we're not getting any of this."

What our subscribers are saying:

"How can I go to my board to ask them for additional
money for PCI, or to divert money from priority projects, when I haven't been
given a firm compliance date or an understanding of what the penalties will be
if we don't comply? I see the need to implement PCI but I can't do it with the
information I have now - PCI could literally cost millions and has little
obvious business benefit."