PCI Meeting: Fraud Fight is Global"Stolen Credit Card Information Is a Commodity That Has Worth"
Two hours into the opening day of the Payment Card Industry Security Standards Council's North American Community Meeting in Orlando, Fla., it's clear that emerging technology and EMV chip and PIN will be focal points of the two-day event.
Despite the absence of PCI Security Standards Council General Manager Bob Russo, pulled away for a family emergency, the thousand or so PCI delegates from North America, Asia-Pacific and Europe packed into the opening session prove that global payments security standards are inevitable.
"Cybercrimes are affecting the entire payment card industry," says Howard Cox, the event's keynote speaker. Cox serves as an assistant deputy chief for the Computer Crime and Intellectual Property Section within the Criminal Division of the U.S. Department of Justice, where he supervises the prosecution of federal computer crimes. "Stolen credit card information is a commodity that has worth to the criminal community."
Going forward, Cox says, government and industries, ranging from travel and hospitality to banking, will be faced with increased cybercrime sophistication. "Our need to work with global law enforcement is becoming more critical," he says.
Jeremy King, European regional director for the PCI Council, says that globalization of crime-fighting is being embraced by the council, and has pushed the group to expand its reach to spread the word about PCI.
"We are learning that throughout the world we are all dealing with the same issues, the same problems," King says. "Globally, we all need to achieve the same thing. This is not an American standard." Over the last year, European participation in PCI's participating organizations has grown 25 percent. Asia-Pacific and South America also have recently increased their embrace of PCI programs, King says.
Globalization of PCI standards is expected to encourage better sharing of information, not just about security breaches but also about emerging technology. "We have to do more sharing of information," Cox says, not only among countries but also among processors, financial institutions, merchants and any other entity that touches the payments chain. "Forty-four states have disclosure laws now. The DOJ is in favor of a nationwide standard."
Globalization also is leading the council to more closely watch and forecast the impact of emerging technology. Top of mind for discussion during this community conference: tokenization, EMV chip and PIN, encryption, virtualization, and wireless technology and communications.
"EMV and point-to-point guidance are just the first steps," King says. "There is a lot of work to be done. ... You should not approach PCI as just being PCI compliant. You need to think about payments security. Focus on good security, and compliance will follow."