PCI Blog - Compliance Series: Part Four

Posted Tuesday, October 16th, 2007
Categories: PCI.

Since starting our PCI Blog, I’ve been able to discover some of the great ways that the industry is educating merchants and customers alike. There are many resources available out there, and since our last entry focused on podcasts and webcasts, I’d like to identify some great blogs I’ve discovered.

Braintree Payment Solutions keeps a blog that is updated frequently with fresh links, views and information about the payment card industry.

December 31 is the Next PCI Compliance Deadline: Now that the 327 Level 1 merchants appear to be getting closer to compliance, Visa is now setting their sights on Level 2 merchants, defined as those processing 1 to 6 million Visa transactions annually. There are currently 729 merchants in this category. As of August 31st, 38% were validated and 44% had submitted initial validation but were in remediation. [Braintree]

On the sidebar of E-xact’s homepage you can find our online poll, asking “Is Your Business PCI Compliant?”. So far it’s split three ways, with only 33% of those polled being fully compliant.

Braintree’s blog also has a helpful post about PCI Compliance Basics, as there is still a long way to go for merchants who seek compliance.

Retail Solutions Online rounds up a few more facts.

…53 percent of enterprise-class companies do not meet the data security standards established by the PCI. The report also lists the top 10 reasons companies fail PCI data security audits. PCI security standards apply to all companies that store, process and transmit credit and debit card payment information. [Retail Solutions Online]

As a starting point, be sure to check out the official PCI compliance guide, as being aware of the requirements is the first step.

Another site, and a good source for payment card news, is the Merchant Account Blog. I’ve been following it for a while now and it recently celebrated its 2nd anniversary. In a recent post they link back to a fellow local Vancouver company.

A few weeks ago Elastic Path published their Ecommerce Checkout Report which was a great breakdown of the online trends of the top 100 internet retailing websites.

One area that I found particularly interesting is that only about half of the top 100 online retailers require additional card verification (CVV2, CID, CVC, etc.) information to be entered when a customer makes a purchase. [Merchant Account Blog]

What seem to be minute details could mean millions of dollars lost if security is breached. The main concern of PCI DSS is the protection of cardholder data. With the recent deadline behind us, there is some confusion milling about regarding who should ultimately be responsible for this data.

…According to [the National Retail Federation], credit card companies typically require retailers to store credit card numbers anywhere from one year to 18 months to satisfy ‘card company retrieval requests’. [InfoWorld]

The NRF is pushing for completely abolishing the storage of cardholder data by merchants. It is a very bold move, one that steps beyond PCI and attempts to keep up with hackers and malicious information seekers. Should the responsibility now fall on the issuer, the merchant, or even the cardholder? Perhaps it’s a mix of all three.

A recent report by Forrester Research said that 81 percent of merchants retain credit card data, and that they typically keep too much of this data. Seventy-three percent store expiration dates, 71 percent store verification codes, and 57 percent, card-stripe data, the report said. [DR News Analysis]

The solution could vary from better systems for storage (or the decision not to store at all) down to the point-of-sale systems being used. The main objective is to protect and secure cardholder data at all times.

For more information from E-xact about PCI DSS, keep an eye on our PCI Blog or visit our About Page for links and information.

E-xact Transactions Ltd. has been fully compliant with the industry since 2004.
[About - E-xact]