Monday, May 18, 2009

ABOUT PCI COMPLIANCE AND WORLD BANKCARD SOLUTIONS

Payment Card Industry (PCI) compliance is an ever-evolving and complex subject affecting millions of businesses: acquiring banks, processors, hosting providers, shopping carts, e-commerce and retail merchants, and other merchant services providers. World Bankcard Solutions is committed to providing its merchants with the utmost security and is working with its sponsoring banks toward meeting all PCI compliance standards. World Bankcard Solutions is also working with experts in the industry to deliver the latest information about PCI compliance guidelines, trends, best practices and practical tips, to help educate the entire PCI compliance food chain.
Is PCI Compliance a Law?
Is PCI compliance a law? The answer is no. While it is not currently a federal law, there are state laws already in effect (and others that may go into effect) that write components of the PCI Data Security Standard (PCI DSS) into law. In addition, there is a big push by legislatures and industry trade associations to enact a federal law covering data security and breach notification.

In 2007 Minnesota enacted the "Plastic Card Security Act", which states that any company that is breached and is found to have been storing "prohibited" PCI data (e.g., full magnetic stripe or track data, CVV codes, PIN data) is required to reimburse banks and other entities for the costs of blocking and reissuing cards. These are the same elements the PCI DSS classifies as sensitive authentication data, which may never be retained after a transaction is authorized, even if encrypted. The law also exposes such companies to private lawsuits. Currently, the law does not affect Level 4 merchants (fewer than 20,000 transactions a year).

Massachusetts recently announced a new regulation, 201 CMR 17.00, which borrows some important concepts from the PCI DSS. For example, it contains requirements to limit the data collected, to maintain written security policies, and to encrypt personal data. It applies to any company that holds or handles the personal information of Massachusetts residents, wherever the company itself is located. Enforcement of the regulation was recently pushed back to 2010, but unlike the Minnesota law it contains no provision that exempts Level 4 merchants.

Currently none of the state laws mentioned above specifically calls out PCI compliance, but the parallel is obvious. More and more states are requiring that customers be notified after a data breach, and as time goes on, the definition of what counts as personal information will expand to include credit card numbers.

Will we ever see adherence to PCI compliance written into law by name? It is unlikely, but nothing is outside the realm of possibility. Government typically moves slowly and the PCI DSS itself is still evolving, so it will be difficult for legislatures to keep up with all the necessary technology changes. It is more likely that, as time goes on, more and more states will classify credit card information as personal information and find punitive measures to hold companies with negligent or non-existent security accountable. In the future there may also be direct financial incentives for companies with strong security postures, and PCI compliance is a great first step toward becoming secure.

If you are a retail store or an online merchant and are not sure whether your company is PCI compliant, or if your company is not compliant and needs to be, contact John Gerena at World Bankcard Solutions for more information.

Sincerely,
John Gerena
Chief Executive Officer
World Bankcard Solutions, Inc.
Ph. 407-992-8394
johngerena@wbcsmail.com
www.worldbankcardsolutions.com
www.freeequipmentnow.com

1 comment:

  1. I just came across this blog and got much information about bank cards from this article that is very useful for me. Now I often visit this site, the reason being that I get much new information from it. So please keep posting. For more information visit www(dot)bankcardempire(dot)com.
    Bankcard Empire