
New Credit Card Security Rules


Following the very public credit-card-related security breaches of last year, a Payment Card Industry data security standard (developed by MasterCard and VISA) was put into place, and companies were required to comply by June 2005. This summer, that security standard will receive an update, and some of the changes worry me a little.

Originally, companies only needed to scan their networks for vulnerabilities and verify that there were no security holes. This has been bolstered by an additional requirement that companies scan the payment software applications too, by 2008. This is a plus.

One change that worries me is that the PCI will now permit ways of protecting your information other than encryption. Originally, all your data would be encrypted, so if a thief were to steal a laptop, the information would be safe. Now, the PCI will let companies use other methods of protecting your information, such as firewalls. So, if someone cracked the laptop or breached the firewall, it’d be Christmas for them. This is a very, very bad idea.

The only “defense” the proponents of the weaker encryption rules offer is that older machines sometimes can’t handle the encryption. I think the credit industry makes enough money from the billions and billions of transactions that they could replace older machines with ones that can handle something as mundane as encrypted data. (Or the government should fine them whenever a breach occurs so that it’s financially correct to use encryption; either way is fine.) That’s a pathetic reason to remove something as simple as encryption.



4 Responses to “New Credit Card Security Rules”

  1. Nick says:

    What machine in the world can run a firewall but can’t do a little encryption??? Sorry, credit card companies, lame excuse. Try again!

  2. CK says:

    There is some confusion here. I’ve been trying to type a comment to correct this but can’t figure out how to explain it.
    It’s not simply a matter of Visa (and etc.) being too lazy to encrypt data.

  3. CK says:

    Credit card data is not kept on laptops. If by some chance some moron is, it’s in violation of the rules whether or not it’s encrypted.

  4. jim says:

    The whole CardSystems fiasco was the result of a third party storing information they weren’t supposed to… and then of course there was this story last year of how 80,000 DOJ workers’ credit card info was stolen (that prompted the stolen laptop comment).
