
Rest-of-the-world had Visa/MC forcing merchants to upgrade on a faster schedule than the US, because the US card environment has many more middle-man processors in the mix that would lose their slice of the transactions.

Also large retailers that "self-acquired" didn't want to invest in upgraded readers, or lose access to the card details.

Breaches like Target's where a bunch of actual CPANs and customer details were stolen started to force the US to upgrade. Enforcing PCI compliance of separation and encryption of CHI has also forced US companies and banks to upgrade.



Anyone else wondering: CHI is cardholder information.


The correct acronym is CHD (Cardholder Data). Using specialised acronyms in normal conversation is annoying enough when you use the right ones…


I always get PII and CHD mixed up :)

Sorry, to clarify:

PII: Personally Identifiable Information (relates to GDPR etc)

CHD: Card Holder Data (relates to EMV etc)

CHD is a form of PII, but PII has greater scope.


Just to throw confusion into the mix, PCI (payment card industry) governs credit/debit card standards, including security in the US.



