Author

Topic: The Expense of PCI Compliance (Read 1757 times)

donator
Activity: 544
Merit: 500
January 15, 2012, 08:40:56 AM
#5
The merchant does not have to comply with PCI themselves merely because they accept credit card payments, only when they process them. They can use a third party system, a payment processor like paypal and then they shift the PCI compliance costs to them. Obviously it still costs something but the processor can achieve a lower unit price because they specialise.

I used to work at a payment processor and a large part of my work was designing and implementing PCI compliance. I can easily imagine that if you want to DIY, it's going to cost you a lot.
hero member
Activity: 742
Merit: 500
January 15, 2012, 05:40:15 AM
#4
It is not uncommon for a business to spend over $100,000 each year for PCI compliance.  Read this:

http://www.networkworld.com/news/2010/030110-pci-compliance-audit-cost.html
sr. member
Activity: 277
Merit: 250
January 14, 2012, 10:48:10 PM
#3
I just set up credit and interac online recently... And dont store any customer info, what rates do you get when you store the info yourself instead of using a processor?
hero member
Activity: 742
Merit: 500
January 14, 2012, 05:43:41 PM
#2
I'm sure this has probably been mentioned before, but I figured I would mention it anyway.  When selling things on the web (and outside the web), the cost of PCI compliance for software, websites, and small business owners can be prohibitive.  If they used bitcoin instead, they wouldn't have to go through a lengthy, costly (and ongoing costly) compliance with the PCI spec (and would still be inherently safer).

Don't get me wrong, I'm a big proponent of a lot of the PCI spec, but it can be a burden on small businesses.

We talked to a few large businesses at CES this week.  They were very interested in bitcoins as a payment method because it eliminates all of the PCI compliance costs and hassles. 

Square was also at CES and many people were visiting our booth after they talked to Square.  Square is a convenient way to collect a payment, but it's still built on the credit card system and doesn't solve any of the problems of chargebacks or PCI.

It is very expensive for a company to safeguard all of this sensitive information, not only from hackers but also from their own employees.  Plus companies get to pay each year for a mandatory audit.  It's a real hassle.  Bitcoins are by far the most merchant friendly payment system available today, and we got that point across to some very important people this week.
newbie
Activity: 47
Merit: 0
January 14, 2012, 11:46:51 AM
#1
I'm sure this has probably been mentioned before, but I figured I would mention it anyway.  When selling things on the web (and outside the web), the cost of PCI compliance for software, websites, and small business owners can be prohibitive.  If they used bitcoin instead, they wouldn't have to go through a lengthy, costly (and ongoing costly) compliance with the PCI spec (and would still be inherently safer).

Don't get me wrong, I'm a big proponent of a lot of the PCI spec, but it can be a burden on small businesses.
Jump to: