A PCI compliance Web page
So what is the answer to this informational dilemma? Since I'm pointing out the problem, I suppose I should at least suggest a solution. At least for now, I think the best answer would be to have retailers voluntarily allow the results of PCI compliance reports collected by major credit card companies to be made public. This could be accomplished simply by having credit card providers maintain a Web page with a list of retailers their acquiring banks have indicated are PCI-compliant.This would not require creating any new oversight mechanisms and would not be too onerous a responsibility for the credit card companies, which could update their online lists every quarter. It also would certainly serve the interests of retailers who are PCI compliant, both in terms of increasing consumer confidence and of providing public evidence they did take responsible security steps in the event there is some type of breach and a lawsuit follows.