PCI DSS is a great security baseline, but there is more to preventing breaches than just becoming PCI DSS compliant. How many more data breaches must occur in the payment card industry before the card brands step it up. Everyone in the payment card industry has the same objectives… Protect the cardholder data. The common denominator for everyone in the payment card industry would be the card brands and yet they are slow in adopting the technology to support better security controls for the entire industry & consumers.

If we really want to prevent data breaches the entire industry needs to be on board together with a sound solution and it needs to start at the top with the card brands and then the acquirers and then down to the merchants. Let’s implement a solution so that merchants don’t even need to keep the card holder data, just send the merchant back a unique token to reference the transaction.

To me the way it looks is the card brands want to hand out all these cards to you and I the consumers, but we better hope that were we shop the merchants have sound security controls in place or we the consumer could be at risk for credit fraud, identity theft & more.