MasterCard Opens a PCI Schoolhouse Featuring ‘Tailor-Made’ Sessions

No. 2 payment network MasterCard Worldwide this week unveiled a global education effort about the Payment Card Industry data-security standard, or PCI. The campaign, which includes free Web-based seminars and live training, comes at a time when restive merchants and others are challenging the card networks about data security, with some even questioning whether PCI is the right solution for thwarting fraudsters intent on stealing credit and debit card information. Earlier this month, the National Retail Federation sent a letter to the PCI Security Standards Council, a non-profit group created by the card networks to oversee and update PCI, questioning certain data-storage requirements the networks imposed on merchants (Digital Transactions News, Oct. 4). Letter author David Hogan, the NRF's chief information officer, notes that the NRF itself has held three PCI education seminars for its retailer members over the past year, but says the new MasterCard program could be of value. “Anything that's going to help take the confusion out of PCI is a good thing,” he tells Digital Transactions News. “I really think that is a result of the difficulty companies are having trying to understand the PCI mandates and how to adhere to them.” But the new program is no knee-jerk reaction to the recent criticism, according to MasterCard. “We've been in the business of building awareness for PCI for some time now,” says John Verdeschi, vice president, Payment System Integrity Group. “What we've done here is kicked it up a notch.” MasterCard's offerings include live education seminars at designated locations, interactive, Web-based teleconferences, and what MasterCard calls its “On-Demand Webinar Series,” a group of eight pre-recorded content modules. Topics range from a detailed review of the standards to how to get ready for a PCI assessment. Acquirers, which are responsible for enforcing PCI in their merchant portfolios, may pick the sessions or modules best suited to their merchants. “It's really tailor-made for anyone who wants to take advantage of it,” says Verdeschi. MasterCard may be offering up to 20 live sessions in the U.S. alone, along with an undetermined number elsewhere in the world, according to Verdeschi. Those sessions will include MasterCard personnel as well as staff from PCI assessment firms and other companies. One is Chicago-based Trustwave, formerly Ambiron TrustWave Corp. While recent Visa numbers show that so-called Level 4 merchants?the smallest in terms of card-transaction originators?trail their larger cohorts in PCI compliance, any merchant, no matter its size, may still find the programs of value if it has questions or encounters problems along the road to compliance, according to Verdeschi. “We recognize there are hurdles,” he says. The MasterCard program, he adds, does not step on the toes of the new PCI Security Standards Council. “The program we have here is really very complementary to what the standards council does,” says Verdeschi, who chairs the council's technical working committee.