Implementation of payment card industry data security standard by payment card companies in Kenya: surmounting security concerns

Abstract

In the recent past, the Payment Card Industry has been riddled with cases of fraud. To counter this, or reduce the frequency of such occurrences, a worldwide accepted standard called Payment Card Industry Data Security Standard (PCI DSS) was introduced into the market. This study will establish the extent to which payment card companies have implemented PCI DSS compliance standard, determine the challenges of implementing PCI DSS Compliance and establish the relationship between PCI DSS compliance and card security concerns for Payment Card companies. Whereas some companies are compliant, some aren’t because of varied reasons as explained within the challenges aspect of this study. It is notable to add that this PCI DSS has been a challenge for many institutions to implement, and for those who have been able to implement, find it had to maintain the certification. Some of the challenges mentioned are lack of full stakeholder support, the business teams not being fully aware of the role they play in cards data security, the PCI DSS conditions seemingly looking overwhelming for most IT security practitioners, the implementation being seen as an expensive endeavour, and also the fact that a single violation of any of the conditions may lead an organization to being classified as noncompliance. Additionally, the study discusses the relationship between PCI DSS and card security where the findings show that the level of education of the organisation’s staff is critical to the security of card data in the Payment Card Company. Nonetheless, these challenges are surmountable, and Payment Card companies are highly encouraged to have card security as part of their organizational strategy.