The Payment Card Industry Data Security Standards (PCI DSS) have come a long way since the first version was released in 2004. Some of the payment practices that are commonplace today would have seemed impossible at that time. With changing methods of using debit and credit cards, the Payment Card Industry Security Standards Council (PCI SSC) had to alter the requirements to keep up with the most current data security concerns. The goal is always to protect the consumer’s information from potentially dangerous situations.
This year marks the 10th anniversary of the PCI SSC. With the inception of this group, compliance with PCI DSS became more widespread. As the payments industry continues to change, what does it mean for the set of guidelines that oversees smart and secure processing, storage and transmittal of information? Let’s take a look at the potential future of PCI:
Past unnecessary storage led to breaches
Before PCI became as important to merchants as it is today, many companies found themselves in data security trouble due to careless practices. To maintain and build better relationships with their customers, businesses relied on loyalty programs and consumer management. They stored client information, especially cardholder data, to analyze shopping histories. Paired with already weak security systems, keeping these materials in their databases was extremely risky. Problems like easy default passwords, weak network connections and a failure to separate sensitive information left data more susceptible to theft.
The PCI DSS came to the rescue, teaching merchants which practices were safe and which put their organizations in danger.
A decade ago, a decade ahead
The PCI DSS has undergone a number of changes over the years, many of which no one could have foreseen. The SSC’s chief technology officer, Troy Leach, said the next 10 years will bring about the same caliber of alterations to the guidelines as the last decade has.
“If we reflect to 10 years ago, I couldn’t have imagined that we would have so many payments being run through phones and watches …” Leach told Bank Info Security. “What we need to be cognizant of is an ability to create dynamic data that changes how those transactions occur, how they work with security. And so as long as there are static data that we need to protect, the relevancy of DSS, or parts of the DSS, to control and protect that information will remain.”
PCI DSS 3.2 recently released
It’s hard to say what the SSC has in mind for future versions of the DSS, but if the newest update to the guidelines, released in April, is any indication, the council has big things in store. As security threats become more sophisticated, the organization is enacting methods to reduce merchants’ chances of experiencing them. Measures including two-factor authentication and penetration tests can keep outsiders from seeing sensitive data and using it to their advantage, according to Security Week.
The PCI SSC aims to help merchants protect themselves and their customers from security threats at all times. Although compliance with the DSS is not mandatory, adhering to the guidelines can save merchants from paying costly penalties. It’s crucial for organizations to remain current with the newest releases of these standards, especially as security concerns continue to become more advanced.