Thursday, August 23, 2007
PCI DSS Compliance Makes Slow Progress
The challenges faced by merchants in their efforts to comply with the Payment Card Industry (PCI) Data Security Standards (DSS) have received a great deal of publicity, especially since Visa U.S.A. announced its intent to penalize noncompliant merchants beginning in October 2007. Recently, however, Visa has backed off its aggressive stance and announced that, instead of denying merchants the right to participate in its tiered fee structure, it will simply downgrade noncompliant merchants one tier and require them to pay higher fees. This softened approach was announced in a memo issued by Visa and Fifth Third Processing Solutions earlier this month.

Practicality vs. Security

They also announced that merchants who are in compliance by September 30, 2008 may be eligible for lost interchange discounts and other incentives. While the Payment Card Industry is to be lauded for its efforts to increase security and reduce the potential for identity theft and credit card fraud, the draconian measures it attempted to use to speed up the DSS compliance process did not recognize the difficulties and costs merchants encounter in attempting to comply with the 140 requirements for protecting credit card data. Not only are the smaller retailers encountering challenges and obstacles to compliance, but recent estimates indicate that more than half of Visa's top-tier merchants have not yet achieved full compliance. Visa and MasterCard must find a way to keep the pressure on, but not at such a pace as to hurt retailers financially.