Secure Payments, PCI DSS, Regulatory Compliance Blog

PCI an issue in UK and Europe?

March 12th, 2007 by datasecurity Posted in Card Brands, Europe

europe.jpgAccording to Rob from Spain:

Sorry to break the news to you, but Visa and MasterCard still don’t have this sewn up properly in the UK or Europe.

There is a team of 8 people working inside Visa for the WHOLE of Europe on PCI, and MasterCard has just 2. That’s 10 people evangelizing, directing and policing a population of thousands of vendors.

If this is the case one can only imagine that the effort put forth on compliance is commensurate with the risk of compromise. Does anyone have good statistics on how many credit card compromises occur in Europe? The roll out of Chip and PIN have decreased an already small fraud volume.

I have been on both continents (North America and Europe) and understand your frustration because there are so many more compliance requirements in N. America. The reason for this? There is more fraud here!

Trust me, when the newspapers start running front page stories about credit card theft, you will see the card associations increase their evangelism.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

  1. 5 Responses to “PCI an issue in UK and Europe?”

  2. By Rob from Spain on Mar 12, 2007

    Hi Michael,

    The problem isn’t the fact that there is less fraud, if only that were true…

    I started writing a reply to this and it turned into a blog.

    I’ve posted it on my blog instead for everyone to read.

    Thanks for the input, and let’s keep on talking.

    Rob.

  3. By Rob again... on Mar 12, 2007

    There, finished!

    http://robnewby.blogspot.com/2007/03/reply-to-michael-dahn-on-pci-compliance.html

    Keep on blogging!

    Rob.

  4. By Michelle Greer on Sep 13, 2007

    I’m not sure why there would be more fraud in the United States, given the global nature of the web. Many hackers are located in eastern European nations, Russia, southeast Asia, India, and Nigeria. I doubt these hackers are terribly picky, especially given the increasing standards for servers located in the United States.

  5. By Michael Dahn on Sep 13, 2007

    Michelle, fraud means that the attack has taken place in that country. It does not mean the attacker originated from that country.

  1. 1 Trackback(s)

  2. Mar 12, 2007: European privacy politics and PCI at PCI Compliance Demystified

Sorry, comments for this entry are closed at this time.