Open Security and Implementation Standards

The payment system is complex, made up of many participants, all of whom have expertise and should play a role in establishing payment card security standards and ensuring those standards are implemented in a manner that provides equal and fair access.  Security standards and their implementation are important because they establish guidelines for anyone involved in the payment process from designing payment devices to accepting or processing payments.

Currently, these payment security standards are dictated by the Payment Card Industry Security Standards Council, a closed group controlled by one segment of the payment industry sector – the dominant payment card networks- and EMVCo, which is also controlled by the dominant payment card networks. And those payment networks also dictate the implementation of those standards. This closed decision-making process provides limited and non-voting opportunities for merchants, payment processors, and domestic debit networks to substantively shape the standards and policies governing payments transactions. This gives one narrow subset of the entire payments industry complete control over the creation of proprietary and closed implementations of security standards that impact all businesses and consumers. We must move beyond making decisions based on what is best for one business segment and enact standards and processes that benefit all members of the payment card industry and consumers.