TY  - BOOK
AU  - Mbogo Eddah
TI  - Challenges hindering Payment Card Industry Data Security Standard compliance in Kenya Commercial Banks
AV  - TK7855.M36 2017
PY  - 2017///
CY  - Nairobi
PB  - Strathmore University
KW  - Data security
KW  - Banks
KW  - Kenya
N2  - The payment card industry has evolved over the years in Kenya; we see more card payment transactions conducted in retail shops. This has extended beyond the upmarket shopping malls to kiosks in residential areas. The increased use of card payment brought a high risk of card data breach within the industry, which resulted in the creation of the Payment Card Industry Data Security Standard (PCI DSS) by the PCI council in the year 2004. The PCI DSS offers the parties involved, service providers like banks and merchants, specific direction and recommendations to enable them to establish at least a base set of proven measures that help protect sensitive cardholder data. The data security standard comprises 12 mandatory requirements for the card payment players to implement, which the study will analyze. While awareness of PCI DSS has increased and the standard has been accepted in the card payment ecosystem in Kenya, the study shows that no banks are independently compliant with the standard and only two non-financial institutions operating in the Kenya financial space, that is, Interswitch and Direct Pay, are compliant. The study investigated the key factors affecting the delayed compliance in the banking industry. Data was collected from a target population of 68 bank employees with card data knowledge, within 17 commercial banks who are members of the Kenya Credit and Debit Card Association (KCDCA). Correlation and regression analysis was used to analyse the primary data collected using the questionnaire instrument. The findings of the study show that the top three key challenges that hinder PCI DSS compliance in Kenya commercial banks are: budget constraints, scope coverage of the security standard, and the lack of a legal framework governing card payment data security. The outcome of the study will enable banks to appreciate the importance of the standardization of data security through PCI DSS, which brings benefits such as more interoperability and interlinking between banks, faster compliance with rapidly changing statutory requirements surrounding data privacy, and easier defense in case of lawsuits, among other benefits. The results will also give the Payment Card Industry Council insight to look for more ways to engage with banks that show interest in complying with the standard and to offer support. The study recommends similar research on other African countries for comparison purposes, and further research can be carried out on other players in the card payment ecosystem such as merchants.
UR  - https://su-plus.strathmore.edu.ezproxy.library.strathmore.edu/handle/11071/5543
ER  -