MADISON, Wis. — Security executives with leading credit union insurance and credit card portfolio managers sought to reassure the industry that it's still too early in the investigation of the card security breach at the Hannaford Bros Co. grocery chain to make any judgments about the industry's card security standards.
Hannaford, which estimated the number of card accounts compromised at up to 4.2 million in a period of between December 10 and March 10, said it was compliant with PCI at the time of the breach. This has led some to wonder at the relative worth of the Payment Card Industry rules, which card industry leaders have made a key part of their effort to reign in card fraud.
The PCI standards were developed and are being administered by the Payment Card Industry Security Council, which is made up of the leading payment card brands and is open as well to merchant and retail members. Some of the card brands, notably Visa, have been very up front about retailers having to put the standards into place in their transaction operations or face higher interchange charges and other punitive measures.
Recommended For You
Steve Ruwe, chief risk officer for PSCU Financial Services, cautioned that not enough is known yet to make a judgment about Hannaford's PCI compliance. He noted that he has observed in the past that a PCI compliance audit might show a firm compliant at a moment in time but then the firm might introduce or change a procedure that made it more vulnerable.
Chuck Cashman, director of product management for CUNA Mutual's Credit Union Protection Division observed that the Hannaford breach may indicate how PCI might need to keep evolving. "There are three broad rules to PCI currently, "he said. "Maybe what has happened at Hannaford might lead to the development of rule 13."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
