PCI Compliance – Do it or cease doing business

It doesn’t get any simpler than this, dear reader. By October 2010 any merchant that is not PCI compliant will be de-certified and must stop accepting cards.

I told you it was coming and now, according to an article in ecommerceguide.com it’s here. Starting next month there will be a year-long effort by processors to de-certify (essentially close down) any Level 4 merchants that are not PCI compliant. Level 4 Merchants are defined as those with fewer than 20,000 Visa transactions, and fewer than 1,000,000 total transactions per year. Most small vendors will fall into this category.

This will have far-reaching effects on a significant portion of on-line business as we know it. Any on-line store that processes cards on their own site will feel a major impact. For example, if you have an online store with on-site processing that is hosted in an inexpensive shared or “virtual” hosting environment you will not be able to pass PCI standards.

And I would remind you that ALL merchants who accept credit cards must be PCI compliant. It doesn’t matter if you do business on-line, by phone or mail, or in person. The steps you need to take towards compliance are different but if you accept credit cards you must be compliant. I’ll say that again. If you accept credit cards you must be PCI compliant. And you will be compliant by October of 2010 or you will no longer be able to accept credit cards as a form of payment. It’s not an option.

I can’t make it any plainer than that. As a merchant, it’s PCI compliance or die. As a merchant advocate I have mixed feelings on this. I’d venture to say that most Merchant911.org members know how to protect themselves from fraudulent transactions but that doesn’t mean that they shouldn’t protect their customers and other merchants from being victims. On the other hand, the concept of a huge volume of paperwork and quarterly scans at $99 a year is going to put a significant number of small merchants out of business. That’s sad.