24 September 2017
visit www.avoka.com

Retailers flag PCI anti-trust concerns with FTC

03 June 2016  |  8721 views  |  2 Credit card

US retailers are calling on the Federal Trade Commission to investigate the activities of the Payment Card Industry Security Standards Council ahead of a possible move by the watchdog to adopt the Council's PCI DSS protocols as an example of best industry practice.

The National Retail Federation has flagged anti-trust concerns with the FTC, slating the PCI for allegedly enforcing standards that serve to cement the power of the major card schemes.

NRF’s allegations come as the FTC is conducting an inquiry into how third-party companies perform assessments of PCI compliance by retailers and other businesses that accept credit cards. NRF understands that the FTC is also considering PCI requirements as an example of industry best practices.

“We urge the FTC not to rely on PCI DSS for any purpose, particularly not as an example of industry best practices nor as a benchmark in determining what may constitute responsible data security standards in the payment system or any other sector,” NRF SVP and general counsel Mallory Duncan said in a letter to FTC chairwoman Edith Ramirez and other commission members.

The letter continues: “We believe you will conclude PCI itself is an inappropriate exercise of market power by the dominant US payment card networks and PCI should not continue setting data security standards through its current processes.”

The PCI council was formed in 2006 by the major credit card companies - Visa, MasterCard, American Express, Discover and JCB - and is governed by an executive committee made up of representatives of only those five companies.

In a 19-page white paper submitted to the FTC, NRF says the card companies use their market power to “unfairly leverage their brands and proprietary technology through webs of closely controlled interdependent bodies and compliance regimes” including the council. While portrayed as voluntary, the Payment Card Industry Data Security Standard requirements set by the council are “forced upon businesses that cannot refuse to accept credit and debit cards.”

The council’s practices “raise antitrust concerns” for a number of reasons, including “general antitrust dangers when competitors collaborate on setting market standards” and “more targeted concerns insofar as they allow the networks to leverage their proprietary technology,” the paper contends.

Among other concerns, PCI requirements act as “as an anticompetitive barrier to innovation” because they “exhaust” funds and other resources retailers have available for data security, the paper alleges.

Comments: (2)

Peter Robinson
Peter Robinson - Liberti Consulting - Northampton | 03 June, 2016, 16:50

I couldn't agree more.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Chris Brown
Chris Brown - Trusek - Amersham | 08 June, 2016, 16:01

This is great news. The PCI council is answerable to no one on whom they impose these standards and each iteration bring in more and more draconian rules for which they bear none of the costs. The merchants and service providers have no alternative but to comply or fold. It makes no difference whether an individual rule has any meaningful benefit in one particular case as the "one size fits all" approach is taken for the ease of the council and eventually the merchants and the card holders get to pay.

Thanks, Chris

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

LifeLock pulls Wallet app over PCI compliance fears

LifeLock pulls Wallet app over PCI compliance fears

20 May 2014  |  6187 views  |  8 comments | 9 tweets | 11 linkedin
PCI security vendor Trustwave named in Target breach suit

PCI security vendor Trustwave named in Target breach suit

26 March 2014  |  6533 views  |  0 comments | 4 tweets | 7 linkedin
Global Payments taken off PCI lists over data breach

Global Payments taken off PCI lists over data breach

02 May 2012  |  8931 views  |  0 comments
PCI security standards in the dock

PCI security standards in the dock

12 January 2012  |  11713 views  |  7 comments
Atlanta Fed staffer questions value of PCI guidelines

Atlanta Fed staffer questions value of PCI guidelines

01 June 2011  |  9623 views  |  2 comments
PCI standards board asks PwC to review secure tech options

PCI standards board asks PwC to review secure tech options

24 June 2009  |  7264 views  |  0 comments
PCI security standards council established

PCI security standards council established

08 September 2006  |  8100 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.sibos.comvisit www.temenos.comvisit www.vasco.com

Top topics

Most viewed Most shared
HSBC switches on selfie payments in ChinaHSBC switches on selfie payments in China
13316 views comments | 28 tweets | 44 linkedin
AXA launches blockchain to cover late flight compensationAXA launches blockchain to cover late flig...
9570 views comments | 13 tweets | 28 linkedin
Apple P2P payments service nears launchApple P2P payments service nears launch
8564 views comments | 19 tweets | 27 linkedin
SBI Ripple Asia advances on South KoreaSBI Ripple Asia advances on South Korea
8266 views comments | 16 tweets | 1 linkedin
European Commission makes fintech a priority in supervisory shakeupEuropean Commission makes fintech a priori...
8037 views comments | 32 tweets | 45 linkedin

Featured job

Find your next job