The self-regulatory system used by the credit card industry to protect consumers' details is not sufficient, it has been claimed.
Credit card data is at risk because the system used by providers to protect it is inadequate, according to retailers in the USA.
Currently the information is safeguarded using the self-regulated Payment Card Industry (PCI) Data Security Standards, which were created by providers. But at a hearing in the US congress on the issue, retail representatives suggested that the standards were set up to convenience providers, rather than protect consumer data.
The standard requires retailers to dispense with credit card information after transactions, but these same businesses are also under pressure from issuers to keep the data for use in payment disputes.
"In our view, if you peel off all the layers around PCI data security standards, you will see it for what it is," said Dave Hogan, National Retail Foundation senior vice president and chief information officer. "In significant part, a tool to shift risk off the banks' and credit card companies' balance sheets and place it on others."
Other voices at the meeting called on the industry to introduce chip and PIN technology, as used in the UK and Europe. Doing so could protect British cardholders, as UK payments association Apacs recently revealed that a large amount of fraud on credit cards is conducted overseas, in countries without the technology.
