US financial managers get shirty over PCI-DSS implementation costs

As I recently predicted, it seems that banks and other financial institutions are less than happy with the costs of meeting the rapidly impending deadline for the introduction of Payment Card Industry Data Security Standard (PCI-DSS) technology.

Senior peeps from the likes of JP Morgan Chase & Co. and First Horizon National Corp. told an audience at the Symantec's Vision conference in Las Vegas earlier this month that they are not happy with shouldering the costs of PCI-DSS implementation.

According to Christopher Leach, chief information security officer with First Horizon, the widely-publicised TJX customer data hack problem was the fault of a retailer, not a bank, yet the banks are expected to shoulder the high costs of implementing PCI-DSS technology.

Leach told delegates that First Horizon, which processes card transactions worth around $5 billion a year, is currently going through a costly new round of PCI certification efforts.

Or, as as Leach puts it: "trying to build the airplane as we build the runway."

Other delegates at the Vision event said they were not happy with their financial services company having to shoulder the costs of PCI-DSS implementation.

Looks like Visa and MasterCard have scored one on the financial institutions once again. I wonder if the summer implementation date of PCI-DSS across the online retail industry will be quietly pushed back...