Challenges hindering Payment Card Industry Data Security Standard compliance in Kenya Commercial Banks

Publication details: Nairobi, Strathmore University, 2017
Description: ix, 62 p., ill.
LOC classification:
  • TK7855.M36 2017
Summary: The payment card industry in Kenya has evolved over the years, and more card payment transactions are now conducted in retail shops. This has extended beyond the upmarket shopping malls to kiosks in residential areas. The increased use of card payments brought a high risk of card data breaches within the industry, which resulted in the creation of the Payment Card Industry Data Security Standard (PCI DSS) by the PCI council in the year 2004. The PCI DSS offers the parties involved, service providers like banks and merchants, specific direction and recommendations to enable them to establish at least a base set of proven measures that help protect sensitive cardholder data. The data security standard comprises 12 mandatory requirements for the card payment parties to implement, which the study will analyze. While awareness of PCI DSS has increased and the standard has been accepted in the card payment ecosystem in Kenya, the study shows that no banks are independently compliant with the standard and that only two non-financial institutions operating in the Kenyan financial space, Interswitch and Direct Pay, are compliant. The study investigated the key factors affecting the delayed compliance in the banking industry. Data was collected from a target population of 68 bank employees with card data knowledge, within 17 commercial banks that are members of the Kenya Credit and Debit Card Association (KCDCA). Correlation and regression analysis was used to analyse the primary data collected using the questionnaire instrument. The findings of the study show that the top three key challenges hindering PCI DSS compliance in Kenyan commercial banks are budget constraints, the scope coverage of the security standard, and the lack of a legal framework governing card payment data security.
The outcome of the study will enable banks to appreciate the importance of standardizing data security through PCI DSS, which brings benefits such as more interoperability and interlinking between banks, faster compliance with rapidly changing statutory requirements surrounding data privacy, and easier defense in case of lawsuits, among other benefits. The results will also give the Payment Card Industry Council insight into more ways to engage with, and offer support to, banks that show interest in complying with the standard. The study recommends similar research on other African countries for comparison purposes, and further research on other players in the card payment ecosystem, such as merchants.
Holdings
Item type | Current library | Call number | Status | Date due | Barcode | Item holds
BOOK | Special Collection | TK7855.M36 2017 | Available | | 77078 |
Total holds: 0


© Strathmore University Library Madaraka Estate Ole, Sangale Road P. O. Box 59857 00200 City Square Nairobi Kenya
Tel.: (+254) (0)703 034000/(0)703 034200/(0)703 034300 Fax.: (+254) (0)20-607498