While President Obama is in London for the G20 summit today, retailers’ eyes should also be on a little-publicised congressional panel back in the US that could impact the way credit card data is used in the future.

The panel is investigating the impact that the Payment Card Industry Data Security Standard (PCI DSS), mandated globally by the major payment card brands, has had on reducing cybercrime.

The hearing was held by the House Homeland Security Committee’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.

The US trade body the National Retail Federation yesterday testified to the panel that the security standards imposed on retailers by the payment card industry are costly and ineffective, and what’s required instead is a redesign of the processes.

NRF senior vice president and chief information officer David Hogan, who testified to the panel, said: “If the goal is to make credit card data less vulnerable, the ultimate solution is to stop requiring merchants to store card data in the first place.”

He continued: “The bottom line is that it makes more sense for credit card companies to protect their data from thieves by keeping it in a relatively few secure locations, than to expect millions of merchants scattered across the nation to lock up their data for them.”

Hogan believes that PCI is little more than an elaborate patch. He added: “While PCI can reduce some fraud – at extraordinary cost – it is not nearly as effective as a redesign of the card processes themselves.”

“Retailers have been required to take extraordinary steps to ensure that somewhere, somehow, data is not inadvertently being retained by software. However, what is ironic about this scenario is that the credit card companies’ rules require merchants to store for extended periods credit card data that many retailers do not want to keep.”

UK retailers seem resigned to the fact that they must comply with the rules laid down by the Payment Card Industry Security Standards Council (PCISSC).

But just as in the US, there is growing evidence that the standard alone is not enough to protect retailers or consumers from growing internet-enabled fraud.

It’s only been a couple of weeks since UK banking industry association APACS issued its card fraud figures for 2008, showing that card-not-present fraud has risen yet again, by 13 per cent to £328.4 million.

If the panel agrees with the NRF, it could be the first step in what will be a very long journey to change the way that payment card transactions are processed in the US. And with the PCISSC committed to a single global standard, it could be another case of a US issue becoming a problem for the rest of the world.