PCI Standards May Not Apply to Debt Purchasers, Collectors

  • Email
  • Print

    • Printing Articles

    1. Click here to print!
    2. ...or print directly from your browser by choosing File > Print... from the menu or by pressing [Ctrl + P]. Our printer-friendly stylesheet will make sure extraneous website stuff isn't printed.
    3. You're done!

    Close this message.

  • Comments
  • RSS
August 6, 2007 (Be the first to respond) http://www.insidearm.com/daily/credit-card-accounts-receivable/credit-card-receivables/pci-standards-may-not-apply-to-debt-purchasers-collectors/

The leader of an organization promoting tougher credit card security standards is downplaying the impact of the standards on the debt purchasing and collection industry.

The Payment Card Industry Data Security Standards, known as PCI, is a set of security rules designed to ensure cardholder data is safe from computer hackers and other crooks. The major card brands – American Express Co., Discover Financial Services, JCB International, MasterCard Inc. and Visa – joined to form the PCI Security Standards Council to oversee compliance with the standards.

Bob Russo, the council’s general manager, said the standards are designed to specifically guard against unauthorized use of the information on a credit card, such as the account number, and the data stored on the magnetic strip on the back of the card.

“Our concern is payment card fraud. The standard seeks to protect the credit card number on the front of the card and the magnetic strip information,” he said.

Typically, card issuers will deactivate a card number before selling it to a debt purchaser, said Russo. Once the number is deactivated, the card doesn’t have to be PCI compliant, he said. It’s conceivable that an issuer could reactivate a number and sell it to a purchaser — though that doesn’t seem likely, especially since the cardholder wasn’t paying his debt, he said.

Russo suggested purchasers and agencies contact issuers to determine if the issuer would demand a card remain PCI compliant after it has been deactivated.

The standards are designed as comprehensive, multifaceted “requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures” to ensure customer payment account data is secure, according to the council. More than 270 firms, including credit card issuers, merchants, card processors, and computer hardware and software developers, are members of the council, according to a spokesperson.

The creation of the PCI standards sent issuers and merchants scrambling to meet the security requirements. Stories of lost and stolen consumer data have made headlines the last few years with the affected issuers and merchants spending millions to make their customers whole.

  • Email
  • Print

    • Printing Articles

    1. Click here to print!
    2. ...or print directly from your browser by choosing File > Print... from the menu or by pressing [Ctrl + P]. Our printer-friendly stylesheet will make sure extraneous website stuff isn't printed.
    3. You're done!

    Close this message.

  • Comments
  • RSS

Posted in Credit Card Receivables, Debt Buying, Debt Collection .

Continuing the Discussion

We welcome and encourage readers to comment and engage in substantive exchanges over topics on insideARM.com. Users must always follow our Terms of Use. Also know that your comment will be deleted if you: use profanity, engage in any kind of hate speech, post an incoherent or irrelevant thought, make a point of targeting anyone, or do anything else we find unsavory. Your comment will be posted under your current Display Name, shown below. If you'd like to change your Display Name, you must update it on the My Profile page.

Leave a Reply

Advertisements