August 07, 2014 Articles

Payment Processor's "In-House" Data Security Compliance Program Under Attack

No good deed goes unpunished: payment processors could face antitrust and unfair competition liability risks when offering PCI compliance services to their merchants

by Edward A. Marshall

In the wake of recent and highly publicized data breaches involving payment card information, businesses accepting payment cards (or "merchants") are becoming increasingly sensitive to ensuring compliance with applicable data security guidelines, known as the Payment Card Industry Data Security Standard, or PCI DSS. After all, if a merchant suffers a data breach due to its failure to adhere to PCI standards, it can face staggeringly large liability assessments from card brands, such as Visa and MasterCard, associated with resultant payment card fraud.

For years, PCI compliance service vendors, which receive certification by the PCI Council—a body originally formed by American Express, Discover, JCB, MasterCard, and Visa—have assisted merchants with ensuring their fidelity to PCI DSS. To gain access to these merchants, such service vendors frequently collaborate with payment card processors and acquirers, i.e., the entities that contract with individual merchants and/or independent sales organizations (ISOs) and facilitate the authorization and payment of card transactions.
