Merchant Groups Suggest Data Security Standard Changes

Several retail trade associations have sent a joint letter to the Payment Card Industry (PCI) Security Standards Council and credit card executives outlining suggested changes in PCI data security standards.

WASHINGTON — Several retail trade associations have sent a joint letter to the Payment Card Industry (PCI) Security Standards Council and credit card executives outlining suggested changes in PCI data security standards.

Credit Card groups require retailers to adhere to these standards or face penalties.

Among the recommendations: Incorporate a formal review and comment phase on revisions to the PCI data security standards (DSS) by participating membership before they are issued; ensure the amount of time from issuance of a revision to the PCI DSS and the effective date is appropriate for all merchants; and adopt the ASC X9 announcement of its plan to develop a new standard to protect cardholder data that may include end to end data encryption.

In addition, the letter suggests providing merchants with the option of keeping nothing more than the authorization code provided at the time of sale and a truncated receipt, rather than credit card information, for dispute resolution.

The letter was sent by the National Retail Federation, National Restaurant Association, American Hotel and Lodging Association, National Council of Chain Restaurants, Association for Convenience & Petroleum Retailing, Merchant Advisory Group and the International Franchise Association.

“With the support of the broader merchant community, we hope to make clear that there needs to be more collaboration in how these standards are created, communicated and enforced,” said NRF Chief Information Officer Dave Hogan, in a statement.

Read More of Today's Headlines [2]