PCI's Bob Russo: Data loss hurts brand more than a fine

As Christmas shoppers spend away and data breaches keep hitting the headlines, the Payment Card Industry's security council is charged with keeping customer's data safe.

As for the threat of fines, I can't comment on that as the card brands are in charge of that side of regulation. Thankfully, it hasn't come to that. But merchants are beginning to understand that the potential damage to their brand if they are involved in a security breach could far outweigh the cost of a fine. And they are realising compliance is becoming a differentiator that consumers can feel safer shopping with them.

Advertisement - Article continues below

How do you see the progress of PCI DSS efforts in Europe going specifically?

Europe is a little more boisterous that the US, but then it is further along in implementing the EMV chip. That's succeeded in lowering fraud at the counter with chip and PIN. But that's also basically succeeded in moving fraud over to CNP (card-not-present) transactions. I also think they're not shy in addressing any issues they are facing in complying with the standard.

Generally, I think European merchants have also done a lot more work on developing their transactional systems. Within the study I mentioned that we're launching, we're calling the EMV chip an emerging technology. But then you guys in Europe are using it every day. I remember back in the beginning of the roll out of PCI DSS, I heard merchants in the UK saying that they'd already jumped through hoops to become compliant with chip and PIN and done stuff to make their systems more secure that we hadn't in the US. And that's great, but the security issues are still there. One new technology doesn't solve the issue. And it's just one example that reflects the work that needs to be done to make sure the standard is as robust as possible.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

You've mentioned a major study that the council is launching in the New Year. How will it be conducted and what will it involve?

I can't say too much about its methodology as the study is now in RFP [request-for-proposal] stage, so its scope may change. But suffice as to say, it will very strongly focus on those emerging technologies I mentioned earlier to see how they affect, or don't affect the scope of the standard.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020