Banks 'oblivious' to credit card compliance mandate

Widespread confusion in Australia's banking industry about new compliance measures has led to five breaches of the Payment Card Industry (PCI) data security standard.

Visa and MasterCard led the instigation of the mandate, which is already more than a year old, but awareness of the PCI standard in Australia remains extremely low.

Version 1.1 of the standard, the rules of which are aimed at protecting credit card data via encryption, end-user access and handling procedures, was introduced on September 7, 2006.

But because it was a US-led standard, there has been confusion about local compliance requirements, although Visa confirmed last week that it has been officially mandated in Australia.

Visa Australia and New Zealand risk manager Ian McKindley said banks and merchants are largely ignorant of PCI requirements despite extensive campaigning.

"Awareness of PCI in Australia is far lower than we would have hoped [despite] a series of seminars being held in [both countries]; we also posted more than 300,000 fliers to merchants earlier this year," McKindley said.