With the requirements set by the Payment Card Industry Data Security Standard (PCI DSS), many businesses scratch their heads and ask whether PCI is a law. The answer to this question is short and simple: no, PCI compliance is not a law.
Will PCI Compliance Be a Law in the Future?
To make things clearer, let's go into detail on this topic. At the moment it is not a federal law, but some state laws are in effect (and some might take effect in the future) that implement the requirements of PCI DSS. The story does not end here: there is a big push from industry trade associations and legislatures to pass a federal law on breach and security notification.
Plastic Card Security Act
In 2007, the "Plastic Card Security Act" was established in Minnesota. It states that if a company is breached and it is later discovered that the company was storing prohibited PCI data such as CVV codes, magnetic stripe data, or track data, then the company is required to repay banks and other individuals for the costs linked with reissuing and blocking cards. Under this law, such companies are also open to private lawsuits. At the moment the law does not apply to Level 4 merchants (those carrying out fewer than 20,000 card transactions per year).
Following this, the state of Massachusetts announced that it would introduce a new law, 201 CMR 17.00. For example, the law states the need to limit the data collected, and it also covers data encryption and written security policies. The law would apply to any company storing or handling customer data based in Massachusetts. Enforcement was pushed back to 2010; the law was originally meant to take effect in 2009. Like the previous laws, this law also was not to be enforced on Level 4 merchants.
None of the laws above says anything about being PCI compliant. More states are requiring customer notification when a data breach occurs, and as time goes on, the definition of personal information will also come to include credit card numbers.
What are the Possibilities?
With all that said, is it possible that we will see adherence to PCI compliance specifically called out as a law? There is no guarantee, but it might be possible; no one knows the future. The government takes time to get things done, and PCI compliance is still evolving, so it will be quite difficult for legislatures to keep up with the pace of new technology changes being put forward by PCI.
It is possible, to a certain extent, that in the future more states will recognize credit card data as personal information and will take strict action against companies that neglect proper security. There might also be direct financial incentives for companies with far stronger security postures.
Secure your Business with BuyerShield® Approved PCI Compliance Security Scanning and stop Security threats before they stop you. Learn more today.