The National Retail Federation (NRF) has recently asked the Federal Trade Commission (FTC) to start an investigation into an organization that sets data security standards. The organization was established by the credit card industry, and, according to the NRF, applies some controversial practices that raise antitrust concerns.
Standards Set by the PCI Standards Security Council
The world’s leading retailer advocacy group has asked the Federal Trade Commission to disregard the standards associated with data security. These standards were imposed by the PCI Standards Security Council.
The requirements set by the PCI DSS have long been argued by retailers. According to retailers, the PCI SSC is a proprietary organization run by the networks that have their own rules and do not focus on retailers. The National Retail Federation finds an inquiry into the way retailers leverage third parties to carry out PCI assessments should not regard the PCI DSS as the best example of data security.
To provide top security for payment processing, merchants should apply to a reputable processor like eMerchantBroker. EMB is the #1 high risk merchant account provider in the US and has an A+ rating with the BBB. EMB offers reduced chargebacks thanks to its unmatched fraud protection services.
Retailers Urge FTC to Discount PCI as Standard
In a letter to FTC leadership, Mallory Duncan, senior vice president and general counsel for the NRF, urged the FTC not to rely on the PCI DSS. As Duncan notes, it should be taken neither as the best practice in the industry, nor as a standard determining reasonable data security in the payment system or elsewhere.
According to Duncan, PCI can be described as a proprietary organization formed and controlled by a single industry sector – the most powerful credit card networks. He furthers notes PCI is not an open organization developed on principles that are called to set standards and which are recognized by the United States Standards Strategy.
The National Retail Federation is sure an anti-trust investigation of PCI must be conducted. The Federation calls the organization an inappropriate use of market power by the key US payment card networks. Moreover, the NRF finds PCI should no longer be responsible for determining data security standards the way it is currently doing.