One of the biggest complaints I have been getting recently at Dydacomp is about the confusion around the PCI deadline. For those not completely familiar with the term, PCI stands for Payment Card Industry, an organization backed by all the major credit card issuers who, through this Council, have a stated goal of eliminating credit card fraud globally.
Pretty lofty goal, but the Council is well on its way. The UK reported that credit card-not-present fraud was down for the first time ever in 2009. The deadline everyone wants to know about is actually for your vendors, not you as a merchant. Merchants were already supposed to be PCI compliant a while back, but that is pretty hard to do when your vendors have a different deadline. Anyway, on 7.1.10 your vendors whose technology deals with credit cards (storing, processing, etc.) have to be PCI compliant. The good news is that Mail Order Manager has been PCI compliant for a while now, so clients can meet almost all of the requirements of PCI by simply upgrading to M.O.M. Version 7.
The other deadline is for your merchant bank. They have to ensure that all of the new clients they take on are PCI compliant. The merchant bank, in essence, has become the PCI police. If your database is compromised, you will not be fined by PCI, Visa, AMEX, etc., but your merchant bank will, and they will pass the fine on to you right out of your settlement account, possibly with notice but not permission. Remember where your merchant bank sits in the whole payments landscape.
I have been saying it for a while, but merchants need to be proactive. We have heard through the grapevine that things will really heat up in terms of fines after the vendor deadline. So the first thing you need to do is talk to your bank about PCI. They are going to tell you that you need to be compliant. The easiest way to do that is to upgrade to Mail Order Manager v7. It’s up to you to find out more on this one… fast!