Avoiding mandatory and punitive government regulations has always been a part of industry?s attempt at security self-regulation. The Payment Card Industry Data Security Standard (PCI) was intended to ensure the integrity and confidentiality of electronic transactions, which pretty much covers any retail credit or bank card payment.
PCI, however, wasn?t enforced or taken seriously enough to have prevented the
Disgruntled consumers are turning to lawmakers to enact laws designed to protect their identities. This could mean that retailers will have to contend with government regulations on top of the PCI standard.
While there are reports of federal legislation in this arena, no bills have been introduced in Congress requiring credit card processors to bolster security. State legislators, on the other hand, have been busy in response to
-
The Minnesota Plastic Card Security Act, the first such state-level law enacted, prohibits merchants that accept payment cards from retaining Track 2 data,
CVV 2 data and personal identification numbers (PINs), and requires them to reimburse banks and credit unions if they store such information and the data is compromised. -
Connecticut ,
andIllinois are considering legislation that would make merchants responsible for fraud-related losses?including the cost to banks to reissue credit cards?incurred as a result of a security breach.Massachusetts -
California introduced a bill similar to the
law, but Gov. Arnold Schwarzenegger vetoed the bill because it would be a burden on small businesses.Minnesota insiders expect lawmakers to introduce the proposal again this year.Sacramento -
Texas is considering legislation mandating that merchants comply with PCI standards. The proposed law would make violators responsible for reimbursing banks and financial institutions for the cost of reissuing credit cards in the event of a breach.
Some security executives believe that the passing of a law on such matters in a large enough state would have a profound effect on PCI compliance and security practices throughout the retail industry.
?It only takes one of those passing in a large state, say