Comments on: PCI And Its Predatory Practices – What Went Wrong?

By: Rob Mangiafico

Rob Mangiafico — Tue, 09 Mar 2010 01:54:40 +0000

Thanks for commenting. Although it may not be plausible or economical for a merchant processor to visit every client, my intent was to highlight the failure of many banks and merchant processors when it comes to helping their clients (merchants) understand PCI. When the merchant calls their provider, they are often given incorrect information, no information, or told to talk to someone else.

My point was to shed some light on a system that is predatory in nature, uses hidden fees and confusing requirements to often put profits above “real” security, and has encouraged an atmosphere of just trying to pass PCI instead of actually improving actual security.

I’m not attacking the PCI SSC organization directly. What I’m “attacking” is the implementation by ASVs and merchant account providers. We field so many support emails and calls about PCI issues, where the merchant is often very confused and just trying to meet all the requirements, all the while trying to make a living and accept payments from customers. Pushing the onus on the merchant to handle security is not the right answer in my opinion.

I wish I had the actual answer to this problem, but I’d have to be a lot smarter and able to leap tall buildings in a single bound. 😉

By: Contrarian View

Contrarian View — Mon, 08 Mar 2010 23:07:49 +0000

Interesting article, but is one of your solutions really plausible?… having people from merchant processor actually visit each merchant. Who would you suggest pay for this? Not to mention the cost of labor, what about the traveling/transportation costs? You mention in your article that you are upset about the fees and then mention a solution that will cause fees to go through the proverbial roof.

By the way, the PCI SSC is a unifying standards organization. Rather than simply complaining that the standards organization doesn’t provide unified info, your article fails to articulate exactly what “standard” you found somewhere else that is missing on PCI SSC website.

Thanks

By: Rob Mangiafico

Rob Mangiafico — Wed, 16 Dec 2009 19:47:19 +0000

Thanks for the vote of confidence Steve! PCI is quite a mess, although if you limit your exposure to the actual card numbers, it can be simplified. Hopefully the industry gets the hint and starts to make it more straightforward and merchant friendly in 2010.

By: Steve

Steve — Wed, 16 Dec 2009 19:26:19 +0000

Excellent article. Excellent journalism.

I agree with everything you’ve said, and want to thank you for helping me navigate the PCI mess.

You ought to distribute that article to a broader forum.

Cordially,

Steve / AdCracker.com

PS: I ignore the phone calls from the telemarketing creeps.

By: uberVU - social comments

uberVU - social comments — Tue, 15 Dec 2009 20:13:53 +0000

Social comments and analytics for this post…

This post was mentioned on Twitter by LexiConn_Inc: New blog post – PCI and Its Predatory Practices – What Went Wrong? http://bit.ly/6Hs0w2 #pci #ecommerce…

By: Tweets that mention PCI And Its Predatory Practices – What Went Wrong? -- Topsy.com

Tue, 15 Dec 2009 15:10:30 +0000

[…] This post was mentioned on Twitter by LexiConn, LexiConn. LexiConn said: New blog post – PCI and Its Predatory Practices – What Went Wrong? http://bit.ly/6Hs0w2 #pci #ecommerce […]