MasterCard Tiptoeing Out Of The PCI Shadows

When it comes to Payment Card Industry (PCI) issues, it's been Visa that has taken center stage. Heck, most of the other card players don't even want to be seen peeking from the wings.

To be certain, MasterCard, AmericanExpress and others have been active in PCI circles, but they're been quite willing to let Visa take all of the public heartaches.

Is that now changing, albeit a little bit? When the National Retail Federation came out, asking that retailers no longer be required to retain credit card data after authorization, it was MasterCard—not Visa—that issued a statement and a stinging statement it was, saying the NRF plan was "inaccurate and unjustified."

MasterCard was technically correct in denying that it requires retailers to retain that data. Sure, they can delete it and risk being unable to defend against chargebacks, but that's their decision, MasterCard said. "A merchant may choose to store no cardholder data at all based on their own risk assessments and individual approaches to managing data storage according to their own business needs," read the statement.

That's true, but as a practical matter, retailers have no practical alternative and MasterCard knows it. MasterCard also said that the card's account number "may be stored in a truncated format which minimizes risk." That's more fair, but it doesn't eliminate the risk, nor reduce it as much as the NRF proposal. You'll note how, in the full MasterCard statement, MasterCard never actually addresses the NRF proposal directly, in the sense of "What is the problem with their proposal?"

MasterCard this week also rolled out its PCI Merchant Education Program, which the card firm described as offering "complimentary education and training for acquiring banks and merchants to better their understanding of PCI DSS through interactive sessions. Eight Web-based modules featuring actionable advice from MasterCard and industry experts are now available online at"

That training program offers three approaches: on-site; live web meeting; and pre-recorded content offered online.