Regulators in Texas are getting serious about protecting credit and debit card transactions. This Computerworld story on Payment Card Industry (PCI) standards reports on a 139-0 vote in the Texas House of Representatives in favor of HB 3222, which mandates that a non-compliant company reimburse banks or credit unions for the cost of blocking and reissuing cards if a breach occurs. The initiative now goes before the state senate.
PCI, the story says, features 12 rules that are backed by the big players in the credit card industry, such as Visa, Mastercard, Discover and American Express. The story provides a lot of good background on PCI and what legislators in Texas have in mind. Apparently, there is not a groundswell of support for government involvement in PCI. At the end of the story, the writer says that a representative in Massachusetts has proposed a similar move. That suggests that little is happening elsewhere.
There are varying assessments of the overall progress toward compliance. This story at The Green Sheet quotes Visa U.S.A. as saying that only about one-third of large retailers comply with PCI rules.
Smaller companies may be doing a bit better, at least if this press release from Hughes Network Systems is any indication. The company ran an informal survey of restaurants at the Hospitality Magazine's 2007 MURTEC tradeshow. The survey found that four out of five eateries made "significant" progress toward compliance. These efforts are focused on point-of-sale and back-office systems, the piece says. It did add that full compliance had not been achieved by the "vast majority" of companies.
As the dust begins to settle from the massive TJX breach, attention is turning toward better protection of credit and debit card information. It seems that progress is sporadic and inconsistent. Players in the credit/debit card structure include financial institutions, companies that execute transactions and the retailers themselves. Mutli-layer sectors usually feature buck-passing and political intrigue; PCI seems to be no different. The bottom line is that everybody realizes that financial transactions must be better secured. Hopefully, the industry will work through the issues and take care of business.