PCI DSS Compliance

Mike Tapa

Free Member
Jan 20, 2020
1
1
Has anyone noticed how Lloyds Cardnet have made it more difficult to update compliance?

I have recently been informed of a non-compliance charge of an extra £20 per month per merchant account (we have 3).
Together with the charges for our Sage Pay gateway, we are now haemorrhaging around £150 per month in charges and service fees (this is before any transaction charges).

So...

I dig out my saved login details for each of the merchant account numbers to do the compliance myself on the Cardnet website (as I did last year), only to find that the user name or password is invalid.

I get through to customer services at Cardnet and they say that the login details (which one would normally use annually) are only valid for 80 days.

Really?
How is that supposed to work then?

I get sent new details, log in and find that the questions are far more complex and in greater number than previously, making it almost impossible to be compliant.
Outcome?
Either I live with the extra charges or sign up for their "compliance service" and extra costs.

To me this is beginning to look like one big rip-off to squeeze even more money out of small businesses like ours.

The strange thing is, and what makes it less of a rip-off and more of a scam, is that even though we are allegedly non-compliant, we can continue to take card payments.

Where is the protection that PCI DSS is supposed to provide?

I'm thinking of switching to another method of taking payment.
Anyone have any suggestions?

Cheers

Mike
 

TotalWebSolutions

Free Member
Sep 29, 2009
3,626
616
Stockport
The compliance does tend to grow with more questions added as more areas come under scope (merchant website, shopping cart, web host, data centre etc) on the standard. As such, more and more acquiring banks are now offering the additional help services for PCI compliance questionnaire completion (sometimes with an additional cost) with fines increasing and becoming more regular for non-compliance as a deterrent.

PCI compliance protects sensitive cardholder data and you as a merchant accepting credit/debit cards are required to show that you meet the standards in order to reduce card fraud and possible data breaches.
 
Upvote 0
Yes, I agree with you, to me it's a scam too. If you're not compliant you shouldn't be able to take card payments, not just pay a penalty, although if I recall correctly, you have a time limit in which you have to become compliant? In principle, of course, PCI DSS is an excellent idea as it cuts down on credit card fraud, but in practice it seems to be just another excuse to get more money out of businesses.
 

Peter Stuart

Free Member
Jan 21, 2020
4
1

Hi Mike

I have been in the industry a while and my opinion is that this will become the next PPI claim.
It is a requirement currently but I don't think it will be in the future, as you are right, what does it actually do! A lot of it is to do with taking payments on a secure network, which half the time is provided by the card processing company.

There are already some companies not charging it at the moment and I imagine within a few years it will be against rules to charge for it.
 

Peter Stuart

Free Member
Jan 21, 2020
4
1
I thought with PCI compliance the added amount for non-compliance is insurance money in case you have a breach and they pay the damages.

Non-compliance charge is simply a charge for if you haven't completed your annual PCI DSS certificate, because if you haven't done so you are classed as non-compliant.

You will receive these non-compliant charges monthly until you complete your certificate!

Some companies charge up to £60 per month.
 