That is the title of an article in the American Banker. A little on the sensational side and written by the counsel for the Merchants Payments Coalition – maybe a slight bias there? However, it does bring a few important and undeniable issues about the disincentives that credit card companies have in improving the security of credit card information.
Why are we (in the US) continuing to use magnetic stripe technology? Why are we not moving to embedded chip technology faster especially it is known that it will reduce dramatically a large segment of fraud? At this point of time, only around 1% of the US credit card are chip-based. More than 80 countries use chip technology credit card.
Clearly PCI is not enough to ensure security – that has been proved over and over again. What else do organizations need to do ensure Target-like breaches do not happen to them? Don’t do check-box compliance – instead implement effective security that results in compliance.