Payment card industry

Last updated

The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.

Contents

Overview

The payment card industry consists of all the organizations which store, process and transmit cardholder data, most notably for debit cards and credit cards. The security standards are developed by the Payment Card Industry Security Standards Council which develops the Payment Card Industry Data Security Standards used throughout the industry. Individual card brands establish compliance requirements that are used by service providers and have their own compliance programs. Major card brands include American Express, China UnionPay, Discover Financial Services, Japan Credit Bureau, MasterCard Worldwide and Visa International. Most companies use member banks that connect and accept transactions from the card brands. Not all card brands use member banks, like American Express, these instead act as their own bank. [1] [ promotional source? ]

As of 2014, the United States uses a magnetic stripe on a card to process transactions and its security relies on the holder's signature and visual inspection of the card to check for features such as hologram. This system will be outmoded and replaced by EMV in 2015. [2] [ needs update ] EMV is a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions. It has enhanced security features, but is still susceptible to fraud. [2]

Payment Card Industry Security Standards Council

On 7 September 2006, American Express, Discover Financial Services, Japan Credit Bureau, MasterCard Worldwide and Visa International formed the Payment Card Industry Security Standards Council (PCI SSC) security council with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard. The council itself claims to be independent of the various card vendors that make up the council. As of 1 August 2014, the PCI SSC website lists 688 "Participating Organizations". [3] Internationally, 61 different financial institutions were noted, including Bank of America, Capital One, JP Morgan Chase, Royal Bank of Scotland, TD Bank and Wells Fargo. [3] A total of 275 merchants were listed, including Amazon.com, Burger King, Citgo, Dell, Equifax, Exxon Mobil, Global Cash Access, Motorola, Microsoft, Southwest Airlines and Walmart. [3]

Industry growth

MasterCard's Nicole Krieg has noted that the Russian credit card market started in early 2000, when issuers first began launching products. [4] However, credit products became especially popular in Russia in 2005, after new legislation took effect. Immense growth was noted in just eight years, by comparing second quarter growth on Visa card purchases, which went from $306 million in 2002 to $61.5 billion in 2010. Merchants who accepted Visa cards also increased from 21,000 to 331,000 during the same period. Visa also noted that they had issued 70 million cards and the Central Bank of the Russian Federation reported that 8.6 million credit cards were on issue. [4]

Regional and national payment schemes

Interac Association

The Interac Association is Canada's national organization linking Financial Institutions and enterprises that have proprietary networks, to enable communication with each other for the purpose of exchanging electronic financial transactions. The Association was founded in 1984 by the big five banks. Today, there are over 80 members. The Interac Association is the organization responsible for the development of Canada's national network of two shared electronic financial services: Shared Cash Dispensing (SCD) for cash withdrawals from any ABM not belonging to a cardholder's financial institution; and Interac Direct Payment (IDP) for Debit Card payments at the Point-of-Sale

See also

Related Research Articles

A debit card is a plastic payment card that can be used instead of cash when making purchases. It is similar to a credit card, but unlike a credit card, the money is immediately transferred directly from the cardholder's bank account when performing any transaction.

Electronic funds transfer at point of sale is an electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at points of sale. EFTPOS technology originated in the United States in 1981 and was adopted by other countries. In Australia and New Zealand, it is also the brand name of a specific system used for such payments; these systems are mainly country-specific and do not interconnect.

Tokenization (data security) concept in data security

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. The token is a reference that maps back to the sensitive data through a tokenization system. The mapping from original data to a token uses methods which render tokens infeasible to reverse in the absence of the tokenization system, for example using tokens created from random numbers. The tokenization system must be secured and validated using security best practices applicable to sensitive data protection, secure storage, audit, authentication and authorization. The tokenization system provides data processing applications with the authority and interfaces to request tokens, or detokenize back to sensitive data.

EMV electronic payment method

EMV is a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them.

Interac Canadian interbank network

Interac is a Canadian interbank network that links financial institutions and other enterprises for the purpose of exchanging electronic financial transactions. Interac serves as the Canadian debit card system. There are over 59,000 automated teller machines that can be accessed through the Interac network in Canada, and over 450,000 merchant locations accepting Interac debit payments.

Maestro (debit card) multi-national debit card service

Maestro is a brand of online-only debit cards and prepaid cards owned by Mastercard that was introduced in 1991. Maestro debit cards are obtained from associate banks and are linked to the cardholder's current account while prepaid cards do not require a bank account to operate. Maestro cards can be used at point of sale (POS) and ATMs. Payments are made by swiping cards through the payment terminal, insertion into a chip and PIN device or by a contactless reader. The payment is authorized by the card issuer to ensure that the cardholder has sufficient funds in their account to make the purchase. The cardholder then confirms the payment by either signing the sales receipt or entering their 4- to 6-digit PIN, except with contactless transactions below a specified amount for which no further verification is required.

Visa Debit

Visa Debit is a major brand of debit card issued by Visa in many countries around the world. Numerous banks and financial institutions issue Visa Debit cards to their customers for access to their bank accounts. In many countries the Visa Debit functionality is often incorporated on the same plastic card that allows access to ATM and any domestic networks like EFTPOS or Interac.

Carte Bleue

Carte Bleue was a major debit card payment system operating in France. Unlike Visa Electron or Maestro debit cards, Carte Bleue allowed transactions without requiring authorization from the cardholder's bank. In many situations, the card worked like a credit card but without fees for the cardholder. The system has now been integrated into a wider scheme called CB or carte bancaire. All Carte Bleue cards were part of CB, but not all CB cards were Carte Bleue.

A merchant account is a type of bank account that allows businesses to accept payments in multiple ways, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions. In some cases a payment processor, independent sales organization (ISO), or member service provider (MSP) is also a party to the merchant agreement. Whether a merchant enters into a merchant agreement directly with an acquiring bank or through an aggregator, the agreement contractually binds the merchant to obey the operating regulations established by the card associations.

Payment card card that can be used to make a payment

Payment cards are part of a payment system issued by financial institutions, such as a bank, to a customer that enables its owner to access the funds in the customer's designated bank accounts, or through a credit account and make payments by electronic funds transfer and access automated teller machines (ATMs). Such cards are known by a variety of names including bank cards, ATM cards, MAC, client cards, key cards or cash cards.

An ATM card is a payment card or dedicated payment card issued by a financial institution which enables a customer to access automated teller machines (ATMs). ATM cards are payment card size and style plastic cards with a magnetic stripe or a plastic smart card with a chip that contains a unique card number and some security information such as an expiration date or CVVC (CVV). ATM cards are known by a variety of names such as bank card, MAC, client card, key card or cash card, among others. Most payment cards, such as debit and credit cards can also function as ATM cards, although ATM-only cards are also available. Charge and proprietary cards cannot be used as ATM cards. The use of a credit card to withdraw cash at an ATM is treated differently to a POS transaction, usually attracting interest charges from the date of the cash withdrawal. Interbank networks allow the use of ATM cards at ATMs of private operators and financial institutions other than those of the institution that issued the cards.

Contactless payment Technology enabling payment without physical contact.

Contactless payment systems are credit cards and debit cards, key fobs, smart cards, or other devices, including smartphones and other mobile devices, that use radio-frequency identification (RFID) or near field communication for making secure payments. The embedded integrated circuit chip and antenna enable consumers to wave their card, fob, or handheld device over a reader at the point of sale terminal. Contactless payments are made in close physical proximity, unlike mobile payments which use broad-area cellular or WiFi networks and do not involve close physical proximity.

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes.

The Payment Card Industry Security Standards Council was originally formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. on 7 September 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard. The council itself claims to be independent of the various card vendors that make up the council.

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services, or to make payment to another account which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help businesses process card payments securely and reduce card fraud.

An issuing bank is a bank that offers card association branded payment cards directly to consumers, such as credit cards, debit cards and prepaid cards. The name is derived from the practice of issuing cards to a consumer.

Credit card card for financial transactions from a line of credit

A credit card is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant for goods and services based on the cardholder's promise to the card issuer to pay them for the amounts plus the other agreed charges. The card issuer creates a revolving account and grants a line of credit to the cardholder, from which the cardholder can borrow money for payment to a merchant or as a cash advance.

Debit Mastercard

The Debit MasterCard is a debit card. It uses the same systems as the standard MasterCard credit card but does not use a line of credit to the customer, instead relying on funds that the customer has in their bank account.

Card security code Security feature on payment cards

A card security code (CSC), card verification data (CVD), card verification number, card verification value (CVV), card verification value code, card verification code (CVC), verification code, or signature panel code (SPC) is a security feature for "card not present" payment card transactions instituted to reduce the incidence of credit card fraud.

Card transaction data is financial data generally collected through the transfer of funds between a card holder's account and a business's account. It consists of the use of either a debit card or a credit card to generate data on the transfer for the purchase of goods or services. Transaction data describes an action composed of events in which master data participates. Transaction focuses on the price, discount and method of payment interaction between the customer and the organization. They are based on volatility as each transaction data changes every time a purchase is made, one time it could be $10, the next $55. Since debit and credit cards are commonly used to pay for goods and services, they represent a strong percentage of the consumption expenditure in the country.

References

  1. McAndrew, Tom (2009). "A Compliance Overview for the Payment Card Industry (PCI)" (PDF). Coalfire Systems Inc. 2009. Retrieved 1 August 2014.
  2. 1 2 Geuss, Megan (2 August 2014). "Chip-based credit cards are a decade old; why doesn't the US rely on them yet?". Ars Technica . Retrieved 2 August 2014.
  3. 1 2 3 "Participating Organizations". Payment Card Industry Security Standards Council. Retrieved 1 August 2014.
  4. 1 2 Peshkov, Alex (15 October 2010). "Card Brands, Issuers Report Dramatic Rise In Russian Card Market". Cardline. Archived from the original on 8 August 2014. Retrieved 1 August 2014 via HighBeam Research.

Payment card industry

EMV