PCI Standards May Not Apply to Debt Purchasers, Collectors

Published on:
 6 August 2007 at 07:12 a.m. ET

Aug. 6, 2007, 7:12 a.m. insideARM.com The iA Institute
Written by: Unknown Author –

http://www.insidearm.com/news/00039226-pci-standards-may-not-apply-to-debt-purch/

The leader of an organization promoting tougher credit card security standards is downplaying the impact of the standards on the debt purchasing and collection industry.

The Payment Card Industry Data Security Standards, known as PCI, is a set of security rules designed to ensure cardholder data is safe from computer hackers and other crooks. The major card brands – American Express Co., Discover Financial Services, JCB International, MasterCard Inc. and Visa – joined to form the PCI Security Standards Council to oversee compliance with the standards.

Bob Russo, the council’s general manager, said the standards are designed to specifically guard against unauthorized use of the information on a credit card, such as the account number, and the data stored on the magnetic strip on the back of the card.

“Our concern is payment card fraud. The standard seeks to protect the credit card number on the front of the card and the magnetic strip information,” he said.

Typically, card issuers will deactivate a card number before selling it to a debt purchaser, said Russo. Once the number is deactivated, the card doesn’t have to be PCI compliant, he said. It’s conceivable that an issuer could reactivate a number and sell it to a purchaser — though that doesn’t seem likely, especially since the cardholder wasn’t paying his debt, he said.

Russo suggested purchasers and agencies contact issuers to determine if the issuer would demand a card remain PCI compliant after it has been deactivated.

The standards are designed as comprehensive, multifaceted “requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures” to ensure customer payment account data is secure, according to the council. More than 270 firms, including credit card issuers, merchants, card processors, and computer hardware and software developers, are members of the council, according to a spokesperson.

The creation of the PCI standards sent issuers and merchants scrambling to meet the security requirements. Stories of lost and stolen consumer data have made headlines the last few years with the affected issuers and merchants spending millions to make their customers whole.


Next Article: Malaise Stays with Debt Purchasers? Stocks

Tags: Debt Collection Debt Buying Credit Card Debt

Related Products

the word regulation in a stylized dictionary [Image by creator from ]

insideARM's FAQ on Regulation F (the CFPB's Final Rule on Debt Collection)

debt-collection new-rules regulations fdcpa compliance_1 collection-technology collection-strategy final-rule collection-laws-and-regulations cfpb

Cover image for New Agent Onboarding Manuals resource [Image by creator from insideARM]

New Agent Onboarding Manuals

compliance compliance-management debt-collection

Advertisement

About

News RSS Feed



Copyright Auriemma Roundtables, Inc. All rights reserved.