Blog

Increased Security for Credit Card Data

02.06.2015

Credit cards are facing a rising tide of competition, at least in many European and Latin American countries. Online payment methods that are easier to use are emerging across the global payments landscape and increasingly taking the lead in many countries due to preferences for local payment systems. Online retailers however do not simply discount the inclusion of credit cards within their portfolio. On the contrary, online retail operators generally also accept payments by credit card and will keep doing so for a long time to come.
Despite this, the changeover to PCI DSS 3.0 at the beginning of 2015 has been ignored or overlooked by many in the retail business. The Payment Card Industry Data Security Standard defines the security requirements for the processing, archiving and transfer of confidential card information and Version 3.0 provides for a more stringent approach to these requirements. The precise details are set out in this 112 page PDF document:

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf.

For example, PCI DSS 3.0 establishes protocols for protecting networks where credit card data is processed and also regulates the protection of the data itself. In addition, the standard describes what access control should look like and where attention is needed in all the associated processing, such as up-to-date antivirus software, firewalls or regular security audits. For a summary of the changes introduced by PCI DSS 3.0, further information can be found in this PDF document:

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3_Summary_of_Changes.pdf

In short, PCI DSS 3.0 has increased security requirements across many areas and entities that process credit card data will need to ensure their systems are compliant.

The PPRO Group is a principal member of MasterCard and Visa and with a Level 1 PCI DSS certificate, we comply with the highest security standards. We foresee two effects of PCI DSS 3.0. For retailers and smaller credit card processors, implementing the security standards will become more difficult. In fact, we anticipate that several businesses in this segment may stop processing credit card data all together. The second effect will be a concentration of companies who are PCI DSS-certified and will remain so, leading to fewer points where credit card data is processed.
Taken together, this will result in more secure processing of card payments but also a continued shift towards greater acceptance of alternative forms of payment within the online retail space.

Explore other insights

You might enjoy these other nuggets of wisdom.

Blog AI and the future of payments Read more Blog Open Banking – A short interview with Ralf Ohlhausen Read more Blog 4MLD – impact of a new KYC regime for the e-money sector Read more Blog The credit card conundrum: safeguarding security while ensuring ease of use Read more Blog Top 10 Payment Trends for 2016 Read more allpago Leading German Quality Auditor Features allpago in PCI Certification Case Study Read more E-book Risk and fraud in international e-commerce Read more Blog International risk management Read more Blog Payment fraud types and how to prevent them Read more Blog Could biometrics give e-money its breakthrough? Read more 05.08.2014 Could the use of biometric data balance the e-money-customer due diligence equation? Market Research Portugal e-commerce market guide Read more

Contact our
Sales Team See our
jobs

Local payments platform

Access to hundreds of ready-to-deploy payment, acquiring, and risk products from multiple providers

Hello, we're PPRO

It's pronounced "p-pro" (in case you're wondering).

We crunch the data

so you don’t have to.

Documentation

Increased Security for Credit Card Data