Credit cards are facing a rising tide of competition, at least in many European and Latin American countries. Online payment methods that are easier to use are emerging across the global payments landscape and increasingly taking the lead in many countries due to preferences for local payment systems. Online retailers however do not simply discount the inclusion of credit cards within their portfolio. On the contrary, online retail operators generally also accept payments by credit card and will keep doing so for a long time to come.
Despite this, the changeover to PCI DSS 3.0 at the beginning of 2015 has been ignored or overlooked by many in the retail business. The Payment Card Industry Data Security Standard defines the security requirements for the processing, archiving and transfer of confidential card information and Version 3.0 provides for a more stringent approach to these requirements. The precise details are set out in this 112 page PDF document: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf.
For example, PCI DSS 3.0 establishes protocols for protecting networks where credit card data is processed and also regulates the protection of the data itself. In addition, the standard describes what access control should look like and where attention is needed in all the associated processing, such as up-to-date antivirus software, firewalls or regular security audits. For a summary of the changes introduced by PCI DSS 3.0, further information can be found in this PDF document (https://www.pcisecuritystandards.org/documents/PCI_DSS_v3_Summary_of_Changes.pdf). In short, PCI DSS 3.0 has increased security requirements across many areas and entities that process credit card data will need to ensure their systems are compliant.
The PPRO Group is a principal member of MasterCard and Visa and with a Level 1 PCI DSS certificate, we comply with the highest security standards. We foresee two effects of PCI DSS 3.0. For retailers and smaller credit card processors, implementing the security standards will become more difficult. In fact, we anticipate that several businesses in this segment may stop processing credit card data all together. The second effect will be a concentration of companies who are PCI DSS-certified and will remain so, leading to fewer points where credit card data is processed.
Taken together, this will result in more secure processing of card payments but also a continued shift towards greater acceptance of alternative forms of payment within the online retail space.