PCI exists to increase credit card security and, among other goals, to stave off government intervention. While significant effort has been made to improve the security of credit card data processing, adequate attention has yet to be given to the identification, authentication, and accountability of cardholders.

For consumers, the primary concern is account takeover. Account takeover occurs when your existing bank or credit card accounts are infiltrated and your money is siphoned out. A hacked account or stolen credit card is often to blame.

InformationWeek reports that according to a new Ponemon Institute survey, “50% of security professionals view PCI as a burden, and 59% don’t think it helps them improve security. Furthermore, comparing this study with the inaugural one conducted in 2009, the number of respondents who said they had sufficient resources to comply with PCI dropped from 40% to 38%. Ponemon also found that the number of organizations that had experienced a data breach in the past two years increased from 79% in 2009 to 85% in 2011.”

Retailers who invest in device fingerprinting and device reputation make it much easier to identify bad guys during purchases, making those stolen credit card numbers way less valuable to thieves. By instantly evaluating a device’s history for criminal activity and assessing risk on new devices within a fraction of a second, retailers can stop fraudulent transactions before the order is accepted and product shipped.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston.

Predictably representatives from the PCI council and the cards industry defended the standard and said that any company that had been shown to be breached was in violation of one of the standards at the time.

The reality of this all is that evidence of a breach doesn’t invalidate a standard. No regulation is going to stop online fraud, but it can dramatically reduce the risk as opposed to the absence of the standard. The real question should be how many breaches would have occurred without the standard and how must the standard evolve to be more effective and meet the worlds changing threat.