PCI Meeting: Fraud Fight is Global

"Stolen Credit Card Information Is a Commodity That Has Worth"
PCI Meeting: Fraud Fight is Global
Editor's Note: Managing Editor Tracy Kitten is attending the PCI SSC Community Meeting in Orlando, Fla. This is the second in a series of stories on the event and its discussions.

Two hours into the opening day of the Payment Card Industry Security Standards Council's North American Community Meeting in Orlando, Fla., it's clear that emerging technology and EMV chip and PIN will be focal points of the two-day event.

Despite the absence of PCI Security Standards Council General Manager Bob Russo, pulled away for a family emergency, the thousand or so PCI delegates from North America, Asia-Pacific and Europe packed into the opening session prove that global payments security standards are inevitable.

"Cybercrimes are affecting the entire payment card industry," says Howard Cox, the event's keynote speaker. Cox serves as an assistant deputy chief for the Computer Crime and Intellectual Property Section within the Criminal Division of the U.S. Department of Justice, where he supervises the prosecution of federal computer crimes. "Stolen credit card information is a commodity that has worth to the criminal community."

Going forward, Cox says, government and industries, ranging from travel and hospitality to banking, will be faced with increased cybercrime sophistication. "Our need to work with global law enforcement is becoming more critical," he says.

Jeremy King, European regional director for the PCI Council, says that globalization of crime-fighting is being embraced by the council, and has pushed the group to expand its reach to spread the word about PCI.

"We are learning that throughout the world we are all dealing with the same issues, the same problems," King says. "Globally, we all need to achieve the same thing. This is not an American standard." Over the last year, European participation in PCI's participating organizations has grown 25 percent. Asia-Pacific and South America also have recently increased their embrace of PCI programs, King says.

Globalization of PCI standards is expected to encourage better sharing of information, not just about security breaches but also about emerging technology. "We have to do more sharing of information," Cox says, not only among countries but also among processors, financial institutions, merchants and any other entity that touches the payments chain. "Forty-four states have disclosure laws now. The DOJ is in favor of a nationwide standard."

Globalization also is leading the council to more closely watch and forecast the impact of emerging technology. Top of mind for discussion during this community conference: tokenization, EMV chip and PIN, encryption, virtualization, and wireless technology and communications.

"EMV and point-to-point guidance are just the first steps," King says. "There is a lot of work to be done. ... You should not approach PCI as just being PCI compliant. You need to think about payments security. Focus on good security, and compliance will follow."

About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Around the Network