PCI Kills Retail Holiday Rush

Retailers feeling the rush of a Black Friday weekend high shouldn’t forget they’re also facing a major buzzkill on New Year’s Day: As of Jan. 1, they’ll face a new version of the Payment Card Industry’s security requirements, according to Crain’s Chicago Business

The PCI Data Security Standard version 3.0 still requires physical protection of point-of-sale devices, networks and servers, but new rules also focus on securing the data itself via improved password protocols and more specific firewalls.

PCI 3.0 also piles on the complexities for small and midsize merchants who use a third-party provider to handle payment cards. Previously, that limited the retailer’s PCI responsibility to about 30 points of concern. With the new rules, merchants are no longer off the hook and are responsible for the payments process they’re outsourced. The new rules can also add 100 or more additional security questions related to online commerce.

One 18-store restaurant chain profiled by Crain’s Chicago Business said the new PCI rules prompted him to shift to a managed security model. Buona, a small suburban-Chicago chain, signed a three-year contract with Chicago-based Trustwave Holdings. Now the chain can get security updates through Trustwave’s portal on a daily basis.

“I let them worry about the technical stuff so I have more time to spend educating my staff and making sure they’re compliant with our password policies,” said Mark Kearins, Buona’s IT director, who admits he’s no cybersecurity expert. “And now I know what my costs are going to be until 2017.”


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The September 2019 AML/KYC Tracker Report provides an in-depth examination of current efforts to stop money laundering, fight fraud and improve customer identity authentication in the financial services space.

Click to comment


To Top