When it comes to an online service company or a merchant that is using the credit card companies Visa, MasterCard, American Express, Discover, or Japan Credit Bureau, to process their cashless purchasing transactions, the merchant's agreement with the transaction processing bank is binding. This agreement ultimately determines what security procedures and requirements the merchant must meet to continue to use the card processing equipment and to continue with the cashless transactions.
However, the five credit card companies Visa, MC, AMEX, Discover, and JCB, have created a consortium, named Payment Card Industry Council (PCI Council) that puts forth requirements for merchants to set up Data Security Standard, DSS, and customer data Security procedures in order to be PCI compliant.
Many times, the merchant's agreement with the bank will include the need for the merchant or online service company for the PCI compliance, and the question of the PCI compliance fee comes up.
Before we determine whether PCI DSS compliance fee is worth it for your business, we must define what PCI compliance is and consider the pros and cons of PCI DSS compliance.
Advantages Of PCI DSS Compliance
PCI compliance checklist is made up of 12 rules of setting up electronic payment systems, maintaining their security, protecting customers data, and ongoing security monitoring.
The advantage for a merchant of being PCI compliant is that by doing so, the basics of the normal online business security will be covered to a large extent, since PCI DSS compliance rules are based on online security best practices. For instance, a positive exit of a regular PCI compliance scan will confirm that the payment system is protecting the system well against intruders.
Another advantage is that by maintaining PCI DSS compliance requirements, the merchant will avoid any possibly steep fees that a bank could impose on their business for the emergency upgrade of their payment systems in case of a security breach.
Disadvantages Of PCI DSS Compliance Audit
Some business owners argue that the 12 rules of PCI DSS compliance are actually over 200 rules, that are not clearly defined, and their fulfillment is there subject to interpretation. Because of the huge number of complicated and difficult to understand rules, the time, effort, and manpower it takes to maintain PCI DSS compliance and the necessary paperwork, in addition to the PCI compliance fee, is a huge burden on any business.
Another disadvantage is a false sense of security. Just blindly following PCI DSS compliance guide and becoming PCI compliant does not by any stretch mean that your data is completely secure.
Last but not least, PCI DSS compliance audit can be quite expensive.
Conclusion – Is PCI Compliance Fee Worth It?
In this case, companies have little choice. Visa, Mastercard, AMEX, Discover, and JCB probably process 99% or more of all card transactions world wide, so if a merchant wants to accept credit and debit cards, the compliance is a necessary evil. There is simply not much alternatives to going through one of five of the PCI founding payment card companies.
On the positive side, if the merchant can harmonize their PCI compliance procedures to fit into their standard security practices, then the incremental cost in manpower, paperwork, time and money spent on PCI compliance fee, may not be too burdensome.