PCI DSS: Payment card industry data security standards in context

Edward A. Morse, Vasant Raval

Research output: Contribution to journalArticle

14 Scopus citations

Abstract

In recent years, the payment card industry has dealt with the matter of consumer liability for unauthorized charges. However, risks to consumers from identity theft and related use of personal data present new challenges for cardholders and those who profit from their usage, including merchants, banks, and payment card companies. This article examines the varying and sometimes complementary roles that legal obligations and private ordering play in incentivizing security measures to protect consumers. It shows that, in the legal environment within the United States, which lacks comprehensive legal protections for consumer privacy and security, private ordering rooted in economic incentives within the payment card industry can also bring about enhanced security for consumers. The Payment Card Industry Data Security Standards ("PCI DSS") have emerged from private ordering, although threats of legal liability have also influenced their development and implementation. The article evaluates the basic framework of PCI DSS and raises issues for further development as the government, the legal system, and the industry cope with security threats in this environment.

Original languageEnglish (US)
Pages (from-to)540-554
Number of pages15
JournalComputer Law and Security Review
Volume24
Issue number6
DOIs
StatePublished - 2008

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Business, Management and Accounting(all)
  • Law

Cite this