The merchant account industry is in turmoil right now relating to the PCI-DSS fees that just about everyone is currently experiencing. I would like to make an analysis of why we are all seeing these fees and how this whole situation came about.
Just to dispel any hopes that these might be going away soon, they’re not. If anything, PCI is going to get much stricter, as congress has openly stated that PCI-DSS is not nearly enough.
How did we get to this point?
The entire PCI-DSS concept materialized many years ago when Visa created PCI and MasterCard created a program called SDP. By creating a security framework based on history, logic, and anticipated weaknesses, these programs were designed to be a model for safely storing and transmitting credit card data. Eventually the issuers joined together and created the PCI security council, which was supposed to be an envelope organization in charge of PCI standards. The idea was that it would be far easier for merchants to handle a single version of PCI, rather than Visa, MasterCard, Amex and Discover separately having their own standards. Over time, PCI-DSS gained an adoption time-line, and became much more organized. PCI covers general operating principals, but is primarily geared to network and data security, as the internet and broadband access have created unseen opportunity for thieves to remotely steal large amounts of credit card and sensitive data.