PCI Compliance Scare Tactics
First off, I must commend the industry for pushing merchants to a higher standard of care when it comes to security and better practices, but there is a line that has been crossed, and continues to be crossed, in how merchants are treated.
I will be the first to admit that it is never a bad idea to educate, train and empower merchants to refocus some of their efforts on better security. After all, when it comes down to it, everyone should be cautious with consumer card data, whether it is the CTO managing next year's security budget or the cashier handling the card itself. But when the industry resorts to scare tactics, that is just not right.
Fact is, PCI compliance is about merchants who store card data; the full weight of it, anyway. The standard applies to anyone who stores, processes or transmits cardholder data, but the burden scales with how much of that data you touch. There are countless options that keep card data out of a merchant's own systems, whether hosting your payment page on your payment gateway or using a third-party biller, and a merchant that has fully outsourced its card handling is typically left with the shortest self-assessment questionnaire (SAQ A) rather than a full on-site audit. That does not make the obligation disappear: paper receipts, card numbers taken over the phone and the choice of a compliant service provider are still the merchant's responsibility. But it all comes down to not storing, processing or transmitting card data yourself, and the less you touch, the less there is to pay for.
When the industry decides to scare merchants into paying ridiculous annual fees or undue audit charges, that is absurd. Too often the people selling these "PCI" services do not understand the idea behind PCI compliance beyond a belief that merchants "must" buy it. A merchant that never touches card data already meets most of what applies to it, so when service providers attempt to scare such merchants into unneeded fees and expenditures, especially in today's economy, that is just wrong.
If you or your company have been hit by undue fees, please let me know and I will gladly expose companies that prey on unsuspecting merchants with exorbitant fees and charges they simply do not need.
Need help when it comes to PCI compliance? Go straight to the source. Visa (NYSE: V) has a great online resource that is easy to understand and follow for merchants - http://usa.visa.com/merchants/risk_management/cisp_merchants.html. Yes, I admit most merchants will need help beyond informational pages like this, but before you or any other merchant decides to spend a couple of thousand dollars on ridiculous PCI compliance fees, you should read the information straight from the source and not feel bad about asking your service provider: "Can you show me where it says I really need this?" Because most of the time, they won't be able to.

Comment by Rick on 9 February 2009:
I agree with what you're saying, but to say "Fact is, PCI compliance is about merchants who store card data" is just not true. Even if a merchant outsources all of its payment processing, storage, etc., they still have PCI requirements to comply with, like screening employees, properly and securely storing paper with credit card data on it, etc. I don't think any merchant that accepts credit cards can avoid compliance issues.
Comment by ross on 19 February 2009:
I didn't look at my monthly FIRST DATA merchant statements because I trusted them!
I found out the hard way that they were ripping me off using PCI and other means!
A 1.75% Visa charge became almost 10% in processing fees!
These people are the No. 1 thieves!
PCI compliance is another vehicle to defraud those who work hard for their business and believe the processor will do its job!
FIRST DATA is committing white-collar crime the old-fashioned way: defrauding you when you don't look and are busy with your business!
Comment by ACH Merchants on 24 February 2009:
I agree. I have been involved in the merchant processing business for 7 years, but I would recommend you look at your statement. From time to time there are errors, and many merchants have been defrauded this way.
Comment by Tim on 17 April 2009:
Well, I think any merchant processing online needs to be PCI certified. The risk is just too big. However, I know TrustCommerce has come out with a product that avoids PCI for online merchants. If you are an online merchant and process one-time transactions, I say take a look. It can save you some money.