For small businesses like mine the annual PCI DSS compliance review is just unnecessary red tape. Although I accept that there needs to be legislation in place to protect card details, this could be served by a simple set of standards, rules and guidelines that all businesses must follow.

We don't keep any card details, other than keeping the merchant copy of a transaction slip for six months before shredding them, so why should I have to complete a lengthy questionnaire every year? If our card handling system has been found compliant, why do I have to apply for verification of compliance every year? Why not just make it necessary for me to report any changes? Yet again this appears to be a regulation where we have to confirm how we are doing something so that someone else can decide we are doing nothing wrong. It just seems like another job creation scheme.

Why is this idea important?

Cutting down red tape for businesses. This would reduce time wasted filling out forms with the same answer every year.

Saving costs. People are being paid to check all the forms. No forms to check = no people to pay to check them.

Greater levels of security. At the moment there are no real sanctions for not applying for PCI DSS compliance, other than higher charges from your merchant service provider. Instead of applying for compliance the retailer should be given a set of standards or rules to adhere to and failure to work to those standards should result in them being refused card payment facilities. The consumer would be much better protected in this way.
