PCI standards board asks PwC to review secure tech options

PCI standards board asks PwC to review secure tech options

The PCI Security Standards Council has asked PricewaterhouseCoopers (PwC) to carry out research into technology that can be used by merchants, service providers and processors to secure cardholder data.

PwC will research, identify and evaluate technologies that can help reduce or eliminate the storage, processing, or transmission of cardholder data.

The firm's recommendations will be used by the PCI SSC as it bids to find technology that will help improve adoption rates and reduce costs for the implementation of its standards.

PwC will also provide an assessment of the impact of the new technology approaches on the current PCI Data Security Standards and considerations for implementing the new IT.

Mark Lobel, principal, security and privacy, PwC, says: "We look forward to leveraging our deep experience in information security and payment processing technologies that will hopefully make it easier for the PCI SSC to define standards that help protect the safety of cardholder data."

The PCI Security Standards Council was set up in 2006 by card issuers American Express, Discover Financial Services, MasterCard, Visa and JCB in a bid to improve payment account security throughout the transaction process.

However, the organisation has come in for criticism recently, particularly in the wake of major security breaches at Heartland Payment Systems and RBS WorldPay.

Both firms were on Visa's list of PCI Data Security Standard compliant service providers at the time they were breached, having been given the go-ahead after assessments.

Heartland has since moved to go beyond PCI requirements, committing several million dollars to an end-to-end encryption system.

Meanwhile, in the UK, a survey earlier this month revealed that around 60% of online retailers do not even know whether they are in compliance with PCI DSS.

Comments: (0)