PCI DSS: Payment card industry data security standards in context

Research output: Contribution to journal › Article

13 Citations (Scopus)

Abstract

In recent years, the payment card industry has dealt with the matter of consumer liability for unauthorized charges. However, risks to consumers from identity theft and related use of personal data present new challenges for cardholders and those who profit from their usage, including merchants, banks, and payment card companies. This article examines the varying and sometimes complementary roles that legal obligations and private ordering play in incentivizing security measures to protect consumers. It shows that, in the legal environment within the United States, which lacks comprehensive legal protections for consumer privacy and security, private ordering rooted in economic incentives within the payment card industry can also bring about enhanced security for consumers. The Payment Card Industry Data Security Standards ("PCI DSS") have emerged from private ordering, although threats of legal liability have also influenced their development and implementation. The article evaluates the basic framework of PCI DSS and raises issues for further development as the government, the legal system, and the industry cope with security threats in this environment.

Original language: English (US)
Pages (from-to): 540-554
Number of pages: 15
Journal: Computer Law and Security Review
Volume: 24
Issue number: 6
DOIs: 10.1016/j.clsr.2008.07.001
State: Published - 2008

Fingerprint

data security
Security of data
industry
Industry
liability
threat
personal data
Data privacy
legal protection
larceny
legal system
privacy
obligation
Profitability
bank
profit
incentive
Industry data
Payment card
Data security

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Business, Management and Accounting(all)
  • Law

Cite this

PCI DSS: Payment card industry data security standards in context. / Morse, Edward A.; Raval, Vasant.

In: Computer Law and Security Review, Vol. 24, No. 6, 2008, p. 540-554.

@article{4d83bf75315a4ebbbfce609dff36643a,
title = "PCI DSS: Payment card industry data security standards in context",
abstract = "In recent years, the payment card industry has dealt with the matter of consumer liability for unauthorized charges. However, risks to consumers from identity theft and related use of personal data present new challenges for cardholders and those who profit from their usage, including merchants, banks, and payment card companies. This article examines the varying and sometimes complementary roles that legal obligations and private ordering play in incentivizing security measures to protect consumers. It shows that, in the legal environment within the United States, which lacks comprehensive legal protections for consumer privacy and security, private ordering rooted in economic incentives within the payment card industry can also bring about enhanced security for consumers. The Payment Card Industry Data Security Standards ({"}PCI DSS{"}) have emerged from private ordering, although threats of legal liability have also influenced their development and implementation. The article evaluates the basic framework of PCI DSS and raises issues for further development as the government, the legal system, and the industry cope with security threats in this environment.",
author = "Morse, {Edward A.} and Vasant Raval",
year = "2008",
doi = "10.1016/j.clsr.2008.07.001",
language = "English (US)",
volume = "24",
pages = "540--554",
journal = "Computer Law and Security Review",
issn = "0267-3649",
publisher = "Elsevier Limited",
number = "6",

}

TY - JOUR

T1 - PCI DSS

T2 - Payment card industry data security standards in context

AU - Morse, Edward A.

AU - Raval, Vasant

PY - 2008

Y1 - 2008

N2 - In recent years, the payment card industry has dealt with the matter of consumer liability for unauthorized charges. However, risks to consumers from identity theft and related use of personal data present new challenges for cardholders and those who profit from their usage, including merchants, banks, and payment card companies. This article examines the varying and sometimes complementary roles that legal obligations and private ordering play in incentivizing security measures to protect consumers. It shows that, in the legal environment within the United States, which lacks comprehensive legal protections for consumer privacy and security, private ordering rooted in economic incentives within the payment card industry can also bring about enhanced security for consumers. The Payment Card Industry Data Security Standards ("PCI DSS") have emerged from private ordering, although threats of legal liability have also influenced their development and implementation. The article evaluates the basic framework of PCI DSS and raises issues for further development as the government, the legal system, and the industry cope with security threats in this environment.

UR - http://www.scopus.com/inward/record.url?scp=84979792306&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84979792306&partnerID=8YFLogxK

U2 - 10.1016/j.clsr.2008.07.001

DO - 10.1016/j.clsr.2008.07.001

M3 - Article

AN - SCOPUS:84979792306

VL - 24

SP - 540

EP - 554

JO - Computer Law and Security Review

JF - Computer Law and Security Review

SN - 0267-3649

IS - 6

ER -