PCI DSS: Payment Card Industry Data Security Standards in Context

Computer Law & Security Report, Vol. 24, pp. 540-554, 2008

15 Pages Posted: 19 Nov 2008 Last revised: 18 Dec 2009

See all articles by Edward A. Morse

Edward A. Morse

Creighton University - School of Law

Vasant Raval

Creighton University College of Business

Date Written: November 17, 2008

Abstract

In recent years, the payment card industry has dealt with the matter of consumer liability for unauthorized charges. However, risks to consumers from identity theft and related use of personal data present new challenges for cardholders and those who profit from their usage, including merchants, banks, and payment card companies. This article examines the varying and sometimes complementary roles that legal obligations and private ordering play in incentivizing security measures to protect consumers. It shows that, in the legal environment within the United States, which lacks comprehensive legal protections for consumer privacy and security, private ordering rooted in economic incentives within the payment card industry can also bring about enhanced security for consumers. The Payment Card Industry Data Security Standards ("PCI DSS") have emerged from private ordering, although threats of legal liability have also influenced their development and implementation. The article evaluates the basic framework of PCI DSS and raises issues for further development as the government, the legal system, and the industry copes with security threats in this environment.

Keywords: payment cards, security, privacy, consumer protection

JEL Classification: K20, K42, M14, L51, L86

Suggested Citation

Morse, Edward A. and Raval, Vasant, PCI DSS: Payment Card Industry Data Security Standards in Context (November 17, 2008). Computer Law & Security Report, Vol. 24, pp. 540-554, 2008. Available at SSRN: https://ssrn.com/abstract=1303122

Edward A. Morse (Contact Author)

Creighton University - School of Law ( email )

2500 California Plaza
Omaha, NE 68178
United States

Vasant Raval

Creighton University College of Business ( email )

2500 California Plaza
Omaha, NE 68178
United States
402-280-5518 (Phone)
402-280-5565 (Fax)

Register to save articles to
your library

Register

Paper statistics

Downloads
190
rank
154,704
Abstract Views
971
PlumX Metrics