PCI DSS Security: Banks don't want you to comply


The payment card industry needs to ensure people do not lose faith in their system. If too many merchants and consumers are hit by credit card fraud, then they may stop using cards altogether.

Obviously, the industry doesn’t want this to happen. That’s why it created the PCI DSS security standard. PCI DSS sets a security baseline to protect cardholder data.

So banks want you to comply with the rules, right? Not necessarily, and especially not if you are a small merchant.

3 reasons banks don’t want you to comply

Reason #1. Banks profit from non-compliance

Acquiring banks, the ones that sign up merchants to process credit cards, are responsible for getting their merchants compliant. However, they can charge higher fees to the merchants who do not comply. Therefore they are not motivated to help small merchants like you.

The higher fees may show up as monthly, quarterly, or annual administrative fees in your statement. They may not show as related to non-compliance, even if that’s the cause. Review your next statement carefully.

Reason #2. Merchants pay the penalties

Penalties for PCI DSS non-compliance are issued by the card brands to the banks, but the banks do not pay them. The fines are passed on to you, the merchant.

So although the banks are responsible for getting merchants compliant, they do not suffer the consequences if they fail. Paying the fine is your problem, so the banks are not motivated to worry about it.

Reason #3. Small business is not a priority

Small and medium businesses are known as Level 4 merchants, those who process fewer than 20,000 card transactions annually. Banks do not consider these merchants a priority.

Banks are more concerned with getting their major retail customers compliant. Companies like Target and Home Depot are larger sources of revenue for them. They cannot afford to lose a large customer to another bank that provides more assistance. But they can afford to lose thousands of small customers like you before it hurts.

Don’t wait for your bank to help with PCI DSS security

The incentives are not in place for acquiring banks to help small merchants achieve PCI DSS compliance. So what should you do? Achieve compliance anyway!

Compliance may help lower your processing fees and avoid penalties should a breach occur. It will also set you on a path toward better security, one that can help you protect customers, minimize network disruptions, and increase your returns on the investments you’ve made in technology.


Related resources

PCI DSS for IT Providers: The rules and impact on MSPs and VARs

PCI DSS: Easier and cheaper compliance with SAQs

PCI DSS Version 3.0 - PCI Security Standards Council - pdf

How AccessEnforcer Fits with PCI DSS


Written by Calyptix

 - December 30, 2014

About Us

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology. Our customers do not waste time with security products designed for large enterprises. Instead, we make it easy for SMBs to protect and manage networks of up to 350 users.