$200bn of Credit Card Transactions Will Not Meet Payment Card Industry’s Security Standards in ’07,

PCI DSS compliance is simply Infosecurity best practice, says security management vendor

[UKPRwire, Tue May 29 2007] ExaProtect, a leader in intelligent security management, calculates that over $200 billion in consumer and business credit card transactions made during 2007 will not meet the data security standards managed by the Payment Card Industry (PCI) Security Standards Council.

Despite moves by the PCI Security Standards Council to encourage larger retailers and other organisations to demonstrate compliance with its 12-point Data Security Standard, half of the world’s largest merchants are not yet compliant. Furthermore, many retailers do not have a timetable for achieving compliance in place before the anticipated June 2007 deadline.

ExaProtect says this puts transactions with a value exceeding $200 billion potentially at risk. To put this figure in perspective:

-a $200bn stack of one-dollar bills would be over 20,000km high: equivalent to travelling halfway around the Earth’s equator

-it is more than the cost of the Space Shuttle program from inception in 1969 to its planned retirement in 2010 ($174bn)

-it is more than double the estimated cost of the International Space Station ($100bn)

-an end-to-end chain of one-dollar bills would stretch to the moon and back, 40 times (over 31 million kilometres)

The World’s largest retailers and merchants take over 1.5 billion credit card transactions annually. Leading payments company Visa has 230 merchants that each process over 6 million transactions per year, with similar data from rivals - yet less than half can demonstrate PCI compliance.

Jean-François Dechant, CEO of ExaProtect said: “It’s incredible to think that such a vast amount of transactions and payments will not meet compliance standards over the coming year. Yet the compliance demands are not unreasonable given what’s at stake, and the number and sophistication of security threats today.

“The positive aspect is that $160bn of transactions per year now are secured to PCI standards as the industry moves toward compliance. These measures cannot totally eliminate hacking and other types of fraud. However they do embody the best available security practice and technology, and will help to ensure a consistent level of security across the payments industry. We are working with a number of key players in this sector in the drive towards PCI compliance,” Dechant added.

Compliance with the PCI Data Security Standard means organisations must prove to auditors that their networks and security policies comply with the set standards. Penalties for non-compliance include severe fines and loss of business.

Bookmark this release: Del.icio.us - Digg - Furl - Blinklist - Reddit