Visa has relaxed its regulatory rules so that European high street merchants who capture at least three-quarters of their take through EMV-enabled chip-and-PIN terminals will no longer have to pass Payment Card Industry Data Security Standard (PCI DSS) audits every year. The programme, which will help high street shops to reduce …
Exemption rules ignored
The article neglects the inconvenience to travellers to the UK who try to use their own credit cards at these high street stores and are denied because the card is not issued by a UK bank, has no chip-and-pin, or the chip-and-pin system is not the same as that used in the UK.
Exemption rules for such have been in place for 5 years and are still routinely ignored.
To be fair
To be fair this article isn't about that...
It's about relaxing the rules around security checks of vendors who have the equipment to help allow them to offer the service.
As for chip-and-pin in the UK - it's better than just a signature. it's not perfect but I think no system is. Travellers that have a chip on their credit card "should" have received the PIN and if not then should request one.
In case you don't have PIN - many stores will do an override if you show passport as well but I guess it depends on how this is asked of the seller.
Also around the globe - many places will ask if you want to sign or use PIN. Sometimes the PIN is enforced but not often.
PCI-DSS is largely a paper-excercise for most companies anyway...
A paper based exercise that is costing us millions?
Sounds about right
I think he means that paper exercises generally cost a lot and have little to no benefit.
Europe + (World - Europe) - USA = World - USA
What does this mean:
"In addition, the programme only applies in Europe and elsewhere in the world, except the US, ..."
Yanks are a backwards lot
I don't know ...
... but it seems remarkably easy to use cards over there without offering signature or PIN. The first couple of times, I stood there gormlessly wondering whether the shop assistant was actually going to authorise the transaction at any point.
No, fellow queuers, I am not from Idiotville. I am from the future.
Maybe they could divert some of those resources into creating a secure card payment system (and this time not just replace a crummy biometric with a crummy password)