I have never been a fan of PCI from the word go. A self regulating body that is designed to protect the card companies just never sat right with me. In this case a restaurant is suing PCI for what it says is a flawed system.
PCI leveraged fines against the bank for Cisero’s Ristorante, US Bank. They in turn sued the restaurant to recoup the lost fines. How does that work exactly? Who is being protected here? Please don’t endeavour to tell me it’s the consumer. When you have companies that perform PCI audits AND sell products to those same clients to mitigate issues AND are part (allegedly) of the PCI governing body…
…are you picking up on the thread here?
From Wired:
But in their countersuit against U.S. Bank (.pdf), the McCombs allege that the bank, and the payment card industry (PCI) in general, force merchants to sign one-sided contracts that are based on information that arbitrarily changes without notice, and that they impose random fines on merchants without providing proof of a breach or of fraudulent losses and without allowing merchants a meaningful opportunity to dispute claims before money is seized.
That’s a borken system. (Yes you grammar police, I know I spelled that incorrectly. Settle down.)
“It’s just like Visa and MasterCard are governments,†said Stephen Cannon, an attorney representing the McCombs. “Where do they get the authority to execute a system of fines and penalties against merchants? That’s a very important issue in this case.â€
I don’t know how they will fare in court but, my pathological need to support the under dog has me in their corner.
Source: Article Link
(Image used under CC from jj look)
Here’s the old argument about not having to worry about PCI or PA-DSS in your environment: don’t take credit cards. A business owner has to weigh the costs versus benefits of using the credit card / bank services. In the case of a restaurant, maybe in particular of this establishment, most customers might assume credit cards are taken. Who wants to carry around a few hundred dollars in cash just to pay for a nice meal out? It sounds like the business owner wants to have the benefits of the credit card system and not deal with the bad.
That written, does the PCI council make up a detrimental monopoly or does its action constitute collusion by the credit card companies to strong arm banks and bank customers into unfair deal? In my opinion, yes. I liken it to the old tradesmen societies of old. A cobbler not of a trade society could do business, but could face terrible competition from those in the local trade society.
In the North American climate of governmental regulation, I believe the credit card companies colluded to put together this governing council to stave off outside regulators in order to give themselves a better deal than what outsiders would give them. That seems to be a sound business strategy on their part. Still, that doesn’t make it right.
@John Agreed. There needs to be a better solution that what is currently in place. Sound business strategy or self preservation? I take your point.