Compared to any other time in its history, the payment card industry faces an increasing variety of security challenges as the transaction environment grows in size and complexity. With more stakeholders, payment channels, and people driving the use of payment cards, the need to enhance the integrity of an increasingly dynamic system while ensuring global acceptance is more important than ever.
In many European countries, payments by card represent the vast majority of cross-border retail transactions and are the most common means of effecting payments over the Internet. Statistics for the euro area show that, in the past five years, the use of both debit and credit cards has almost doubled. The euro area is home to more than twenty card schemes, but the market is still fragmented, since the majority of card schemes consist of national debit card schemes. The increasing use of cards makes card security and infrastructure of concern to both central banks and the market.
Payment Card Industry (PCI) (also see compliance below)
Members of the PCI Security Standards Council currently consist of the five major payment brands: Visa, MasterCard, American Express, Discover, and JCB. The executives and management of the PCI SSC are also filled by employees of the aforementioned payment brands.
Interested parties can participate in the development of the PCI security standards through registration as a Participatory Organization. These participants are organized into Special Interest Groups which are tasked with recommending revisions to and the further development of the various security standards maintained by the council.
A payment service provider (PSP) offers (web) shops online services for accepting electronic payments by a variety of payment methods including credit card, bank-based payments such as direct debit, bank transfer, and real-time bank transfer based on online banking. Typically, they use a Software as a service model and form a single technical gateway for their clients (merchants) to multiple payment methods.
Typically, a PSP can connect to multiple acquiring banks, card, and payment networks. In many cases, the PSP will fully manage these technical connections, relationships with the external network, and bank accounts. This makes the merchant less dependent on financial institutions and free from the task of establishing these connections directly, especially when operating internationally. Furthermore, by negotiating bulk deals they can often offer cheaper fees.