Retail Executive

SEP-OCT 2017

Retail Executive is the trusted advisor to top retail executives from the industry’s most profitable retailers. We help retail executives succeed in their job role and grow their business via exclusive, actionable, peer-driven content.

Issue link: http://digital.retailexecutive.com/i/864981


Take The Guesswork Out Of Payment Security

The PCI Security Standards Council discusses upcoming standards that affect retailers of all sizes.

A Q&A With Retail Executive

The PCI Security Standards Council exists as a body to create standards and best practices to help retail executives. By now, you should be well aware of the PCI DSS (Payment Card Industry Data Security Standard), as it's the most exhaustive standard that's received the most attention. However, in speaking with Troy Leach, CTO, and Mauro Lance, COO, of the PCI Security Standards Council, there are other standards on the horizon worth noting, as well as other initiatives built to help you navigate the payment security landscape.

Retail Executive: What new payment updates/standards are forthcoming that affect retailers?

Troy Leach, CTO, PCI Security Standards Council: This year will probably be one of the busiest years for new standards and new requirements, as we have five new standards, two revised standards, and another significant initiative.

Most of these standards are focused on the payment solution developers and vendors that create the solutions that merchants use. Our goal is to help merchants of all sizes improve security and possibly, at the same time, reduce their overall responsibilities of demonstrating security through compliance.

As we look at the payment ecosystem, we're seeing the market developing and using third-party services, products, and software. In fact, 80 percent of all software today uses some form of third-party code, hosting, or services. It can become difficult for a retailer to demonstrate that it's done enough due diligence on the security of a payment environment when there are third-party pieces being used.

As a result, our focus is on initiatives to improve payment software security, so two upcoming standards will target vendors developing the third-party payment apps that retailers use. Essentially, we want to simplify compliance for retailers by having third-party software validated independently by software security professionals and experts.

We also have two other standards related to 3DS (Three-Domain Secure) for merchants leveraging e-commerce and a mobile presence. Last year, EMVCo created a spec related to a new, more secure version of 3DS, which provides significant improvements. The new standards will help ensure that customers are authenticated all the way to the issuer. It will create less friction in the overall customer experience and give retailers confidence in the legitimacy of transactions. Note these 3DS standards are intended for those that provide 3DS services and applications and not for merchants simply using 3DS services.

Lastly, we have a new standard that will probably be more relevant to smaller merchants, but could be applied to large merchants as well. The new standard is related to using commercial off-the-shelf mobile devices to do PIN entry onto the device's glass. While we already have legitimate certified PIN-on-glass devices, merchants were asking for clarification about the security.

Public drafts and requests for comment for all of these new standards will be released later this year.
