{"id":4123,"date":"2016-06-02T06:58:53","date_gmt":"2016-06-02T11:58:53","guid":{"rendered":"http:\/\/3dmerchant.com\/blog\/?p=4123"},"modified":"2021-12-03T03:23:36","modified_gmt":"2021-12-03T08:23:36","slug":"ftc-investigate-credit-card-pci-security-group-antitrust","status":"publish","type":"post","link":"https:\/\/3dmerchant.com\/blog\/merchant-processing-security\/ftc-investigate-credit-card-pci-security-group-antitrust","title":{"rendered":"Retailers Ask FTC to Investigate Credit Card Industry&#8217;s PCI Security Group for Antitrust Concerns"},"content":{"rendered":"<div class=\"field-item odd\">\n<div class=\"entity entity-bean bean-db-paragraph clearfix\">\n<div class=\"content\">\n<div class=\"field field-name-field-db-paragraph field-type-text-long field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\">\n<p>WASHINGTON \u2013 The National Retail Federation today announced that it has asked the Federal Trade Commission to conduct an investigation into an organization founded by the credit card industry that sets data security standards, saying the group\u2019s controversial practices raise antitrust concerns.<\/p>\n<p>\u201cWe urge the FTC not to rely on PCI DSS for any purpose, particularly not as an example of industry best practices nor as a benchmark in determining what may constitute responsible data security standards in the payment system or any other sector,\u201d NRF Senior Vice President and General Counsel Mallory Duncan said in a <a href=\"http:\/\/nrf.com\/sites\/default\/files\/PCI-2016-NRF%20White%20Paper%20on%20PCI%20DSS.pdf\">letter to FTC Chairwoman Edith Ramirez <\/a>and other commission members.<\/p>\n<p>The Payment Card Industry Security Standards Council is \u201ca proprietary organization formed and controlled by a single industry sector \u2013 the major credit card networks\u201d and \u201cfails to meet any of the principles adopted by the federal government for voluntary standard-setting organizations,\u201d Duncan said. \u201cWe believe you will conclude PCI itself is an inappropriate exercise of market power by the dominant U.S. payment card networks and PCI should not continue setting data security standards through its current processes.\u201d<\/p>\n<p>NRF\u2019s request comes as the FTC is <a href=\"https:\/\/www.ftc.gov\/news-events\/press-releases\/2016\/03\/ftc-study-credit-card-industry-data-security-auditing\" target=\"_blank\" rel=\"noopener\">conducting an inquiry<\/a> into how third-party companies perform assessments of PCI compliance by retailers and other businesses that accept credit cards. NRF understands that the FTC is also considering PCI requirements as an example of industry best practices.<\/p>\n<p>The PCI council was formed in 2006 by the major credit card companies \u2013 Visa, MasterCard, American Express, Discover and JCB. It imposes its rules on millions of U.S. businesses but continues to be governed by an executive committee made up of representatives of only those five companies.<\/p>\n<p>In a <a href=\"http:\/\/nrf.com\/sites\/default\/files\/PCI-2016-NRF%20White%20Paper%20on%20PCI%20DSS.pdf\" target=\"_blank\" rel=\"noopener\">19-page white paper <\/a>submitted to the FTC, NRF said the card companies use their market power to \u201cunfairly leverage their brands and proprietary technology through webs of closely controlled interdependent bodies and compliance regimes\u201d including the council. While portrayed as voluntary, the Payment Card Industry Data Security Standard requirements set by the council are \u201cforced upon businesses that cannot refuse to accept credit and debit cards.\u201d<\/p>\n<p>The council\u2019s practices \u201craise antitrust concerns\u201d for a number of reasons, including \u201cgeneral antitrust dangers when competitors collaborate on setting market standards\u201d and \u201cmore targeted concerns insofar as they allow the networks to leverage their proprietary technology,\u201d the paper said.<\/p>\n<p>Among other concerns, PCI requirements act as \u201cas an anticompetitive barrier to innovation\u201d because they \u201cexhaust\u201d funds and other resources retailers have available for data security, the paper said.<\/p>\n<p>NRF asked that the FTC investigate the council\u2019s practices in general and particularly their impact on competition. The FTC should also reject government use of PCI standards as any benchmark for data security, and instead work with \u201clegitimate U.S. standard setting bodies\u201d such as the American National Standards Institute, NRF said.<\/p>\n<p>NRF is the world\u2019s largest retail trade association, representing discount and department stores, home goods and specialty stores, Main Street merchants, grocers, wholesalers, chain restaurants and Internet retailers from the United States and more than 45 countries.\u00a0Retail is the nation\u2019s largest private sector employer, supporting one in four U.S. jobs \u2013 42 million working Americans. Contributing $2.6 trillion to annual GDP, retail is a daily barometer for the nation\u2019s economy. NRF\u2019s <a href=\"http:\/\/thisisretail.org\/\">This is Retail<\/a> campaign highlights the industry\u2019s opportunities for life-long careers, how retailers strengthen communities, and the critical role that retail plays in driving innovation. <a href=\"https:\/\/nrf.com\/\">NRF.com<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>WASHINGTON \u2013 The National Retail Federation today announced that it has asked the Federal Trade Commission to conduct an investigation into an organization founded by the credit card industry that sets data security standards, saying the group\u2019s controversial practices raise &hellip; <a href=\"https:\/\/3dmerchant.com\/blog\/merchant-processing-security\/ftc-investigate-credit-card-pci-security-group-antitrust\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,142,9],"tags":[286,581,457],"class_list":["post-4123","post","type-post","status-publish","format-standard","hentry","category-merchant-processing-industry-news","category-pci-compliance-merchant-processing-security","category-merchant-processing-security","tag-nrf","tag-payment-card-industry-security-standards-council","tag-pci-security-standards"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts\/4123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/comments?post=4123"}],"version-history":[{"count":2,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts\/4123\/revisions"}],"predecessor-version":[{"id":5688,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts\/4123\/revisions\/5688"}],"wp:attachment":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/media?parent=4123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/categories?post=4123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/tags?post=4123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}