The US retail trade body the National Retail Federation has added its voice to the growing chorus of calls for the way the Payment Card Industry Data Security Standard operates to be reassessed. But its recommendations may not be as helpful for retail in the UK as they first seem.
Already, the British Retail Consortium has lobbied the payment card brands Visa, MasterCard and American Express in the UK, over what it sees as unfair fines on retailers because the standard is not achievable.
The NRF, along with US trade bodies for other types of merchants such as hotels, restaurants and fuel stations, has written to the PCI Security Standards Council and card schemes asking for changes.
In particular, it wants them to look at how long retailers are given to upgrade their systems once revisions to the standard are made. The letter suggests that the largest tier one retailers currently don’t get enough time to make the enterprise-wide changes needed to maintain compliance after a revision.
In a more substantial move, it also wants consideration given to adopting a payment card security standard that has been proposed by US financial services standards body the Accredited Standards Committee X9. This could include end-to-end data encryption.
While it benefits all retailers that the NRF is lobbying on simplifying the standard and making it more achievable for retailers, its recommendation that the PCI Security Standards Council partners with ASC X9 is worrying. The standard is supposed to be global, and this could see it repositioned as a US-centric initiative.
Already retailers in the UK complain that it is hard to prove compliance with the standard when some of the questions in the audit they must complete do not apply to them. Introducing major changes based on the needs of the US – which doesn’t benefit from chip & PIN protection – would make the standard even more of a burden on UK retailers than it already is.
Meanwhile, the news of German retailer Arcandor’s administration puts a new light on the announcement earlier this year that its outsourcing deal with EDS was to be terminated early.
It is all too easy to look at a move like this and assume that the retailer wasn’t happy with the service it was receiving.
Now that the scale of Arcandor’s financial problems is being revealed, the claim that EDS was fulfilling its end of the bargain looks even more likely.

















