PCI DSS: Payment card industry data security standards in context

Edward A. Morse, Vasant Raval

Research output: Contribution to journalArticlepeer-review

22 Scopus citations


In recent years, the payment card industry has dealt with the matter of consumer liability for unauthorized charges. However, risks to consumers from identity theft and related use of personal data present new challenges for cardholders and those who profit from their usage, including merchants, banks, and payment card companies. This article examines the varying and sometimes complementary roles that legal obligations and private ordering play in incentivizing security measures to protect consumers. It shows that, in the legal environment within the United States, which lacks comprehensive legal protections for consumer privacy and security, private ordering rooted in economic incentives within the payment card industry can also bring about enhanced security for consumers. The Payment Card Industry Data Security Standards ("PCI DSS") have emerged from private ordering, although threats of legal liability have also influenced their development and implementation. The article evaluates the basic framework of PCI DSS and raises issues for further development as the government, the legal system, and the industry cope with security threats in this environment.

Original languageEnglish (US)
Pages (from-to)540-554
Number of pages15
JournalComputer Law and Security Report
Issue number6
StatePublished - 2008

All Science Journal Classification (ASJC) codes

  • Business, Management and Accounting(all)
  • Computer Networks and Communications
  • Law


Dive into the research topics of 'PCI DSS: Payment card industry data security standards in context'. Together they form a unique fingerprint.

Cite this