Changing standards in credit card security

Friday, October 15th, 2010

The security standards of the credit card industry are changing as there is a shift with regard to handling the data of the card holder. The Payment Card Industry Security Council or the PCI seems to have released a couple of documents last week specifying point-to-point encryption starting with the swipe of the card to the encryption within the card, which is the chip that is EMV encrypted. However, neither of the documents mentions anything about adopting the new requirements by the PCI-compliant merchants. Instead, one could get an overview of the PCI requirements wherein the merchants have to follow 12 requirements in case they handle the data of the card holder. The picture would be much clearer by the end of the month when the new version would be released.

In practice, the cardholder data is masked from the point of sale to the issuers and hence the changes that are expected to take place would be a huge market in the years to come. General Manager, PCI security council, Bob Russo feels that it would be deceptive to call this encryption end-to-end. He also states that segments may or may not be encrypted in the payment process. As the council has commented on these encryptions for the first time, Russo`s argument is that the encryption systems are in fact point-to-point and hence the council`s reference of P2PE (point-to-point) with regard to the market is valid.

The encryption methods need to be validated and it should be ascertained that the hardware as well as the software is being implemented properly. Encryption alone may not suffice in order to comply with the PCI DSS, states Troy Leach, the Chief technology officer (PCI Security Council). He also states that validations by PCI DSS assessors are required and P2PE has a long way to go before it is found to be secure.

The five domains that need validation by PCI DSS assessors are application security-card holder data should not be stored, encryption device – must be tamper resistant, merchant encryption environment-IT systems need to be validated, key management-annual changes in encryption keys, as well as decryption.

EMV is being used outside the U.S. In UK smart chips are embedded in the cards, wherein the card user might be required to enter the PIN to complete a transaction. This offers protection against “in person” fraudulent practices. PCI DSS would be required even in places where merchants have EMV in place, because PCI DSS card holder data is removed once the customer leaves. In theory, it seems for the moment at least that both EMV as well as PCI DSS complement each other.

Latest Fair Credit Credit Card News

Wednesday, September 13th, 2017
J.D. Power’s latest customer satisfaction survey brings good news for American Express cardholders – but they might already be aware of it. Not only did Amex score the highest for ...
Wednesday, April 12th, 2017
A new credit card from Synchrony Financial offers drivers the ease of paying for automobile maintenance as well as gas.
Tuesday, November 22nd, 2016
Holiday shopping seems to start earlier every year, but this year more than half of people surveyed by Synchrony Financial said they would head to the stores even earlier, in ...
Friday, July 8th, 2016
Everyone knows it’s important to have money saved up in case of emergency, but just because something is common knowledge—and common sense—that doesn’t mean people necessarily ...
Monday, February 29th, 2016
The uptick in the American economy is good news for people seeking lines of credit. While the recent Federal Reserve interest rate some people saw hike as bad news, it’s actually ...
Best Credit Offer
First Access Visa
Click the Compare link to compare the checked cards side-by-side at the comparison table.
Consumer Rating: 4 / 5
Horizon Card Services Horizon Gold Credit Card
Copyright © 2001-2018 All Rights Reserved.

* The webpage is a free service and an information resource for credit cards and financial products and services available to eligible United States consumers. does not offer any warranties and is not a direct service. There are no guarantees for approval or offers when applying for a credit card. Please refer to the application if you would like more information on each credit card. When you click "Apply" for a particular credit card, please take the time to review the terms and conditions of the product/service at the issuer's website. All logos on the website are property of their respective owners.

Disclaimer: This editorial content is not provided or commissioned by the credit card issuer. Opinions expressed here are the author's alone, not those of the credit card issuer, and have not been reviewed, approved or otherwise endorsed by the credit card issuer. Reasonable efforts are made to present accurate info, however all info is presented without warranty. Consult a card's issuing bank for terms & conditions. makes every effort to keep information up to date and accurate. However, the information regularly changes and is presented without warranty. Therefore, we strongly recommend all our readers to visit the credit card application page by clicking "Apply Online!" button to review the detailed credit card's terms and conditions. Note that may be compensated by the credit card issuers when the readers apply for a credit card through this site. is an independent, advertising-supported website which receives compensation from the credit card issuers and companies whose offers appear on the site. Compensation may impact how and where products appear on our site, including, for example, the order in which they may appear on the site pages. does not review or list all available financial or credit offers.

Disclosure: Not an access card.

User Generated Content Disclaimer: These responses are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.