They're not ready to pitch tents just yet, but one group is speaking out against the Payment Card Industry data-security standard.
The Occupy PCI movement organizers say that the PCI Council is taking a flawed approach to fraud reduction.
According to the Occupy PCI website, the PCI Council, which manages the standard, is promoting new rules for devices that read debit and credit cards. Those rules state that card readers would need to undergo testing, certification and listing on the Council's website.
That testing would place a considerable financial expense on vendors and allow the Council to pocket a profit, those behind the Occupy PCI movement say.
PCI compliance audits are good at evaluating controls, policies and procedures, according to a payments processing expert at US Dataworks. The standards have certainly improved the security of cardholder data.
But the problem is that this means the crooks just get more creative. The better path to cardholder privacy is through a different mechanism, rather than relying on card account numbers and magnetic stripes.
The Occupy PCI movement agrees that a new approach is needed.
Even the strongest encryption cannot protect data already written on the blackboard. Data on the magnetic stripe are unprotected from the first time they're issued and must be delivered in clear text to the brands for authorization.
Merchants are caught in the middle, charged with the responsibility of shrouding that data. Occupy PCI supporters say it's time to shake up the status quo when it comes to data protection.
Source: Occupy PCI, January 2012