PCI Kills Retail Holiday Rush

Retailers feeling the rush of a Black Friday weekend high shouldn't forget they're also facing a major buzzkill on New Year's Day: As of Jan. 1, they'll face a new version of the Payment Card Industry's security requirements, according to Crain's Chicago Business

The PCI Data Security Standard version 3.0 still requires physical protection of point-of-sale devices, networks and servers, but new rules also focus on securing the data itself via improved password protocols and more specific firewalls.

PCI 3.0 also piles on the complexities for small and midsize merchants who use a third-party provider to handle payment cards. Previously, that limited the retailer's PCI responsibility to about 30 points of concern. With the new rules, merchants are no longer off the hook and are responsible for the payments process they're outsourced. The new rules can also add 100 or more additional security questions related to online commerce.

One 18-store restaurant chain profiled by Crain's Chicago Business said the new PCI rules prompted him to shift to a managed security model. Buona, a small suburban-Chicago chain, signed a three-year contract with Chicago-based Trustwave Holdings. Now the chain can get security updates through Trustwave's portal on a daily basis.

"I let them worry about the technical stuff so I have more time to spend educating my staff and making sure they're compliant with our password policies," said Mark Kearins, Buona's IT director, who admits he's no cybersecurity expert. "And now I know what my costs are going to be until 2017."



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border. Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Click to comment