If you have a revenue control system, you probably know all about the requirements of the credit card companies and the infamous "PCI" compliance that is required of revenue control vendors. As of this moment, my guess is that if you asked your vendor if they are PCI compliant, they would begin a dance that would rival your Senior Prom.
The problem is no one has been able to completely nail down just what PCI means. Yes, Visa, which leads the cc companies, has rules, and yes, a vendor can be approved by getting a Visa-appointed consultant to come and look at its software (a process that can cost upwards of six figures over time).
It's much like being approved for UL. You get approved, and then if you change one byte in the software, you have to be approved again. One vendor told me that simply keeping the proper documentation is a full-time job.
So what are manufacturers going to do? Do they charge extra if you want this compliance? (Everyone isn’t approved, by the way, so you should check on the VISA web site to see if yours is.) So do they support two different software packages?
I got two different answers. One group says they support two different software packages and if you want PCI compliance, you have to pay a fee, which is, in some cases, substantial, for the approved software. The other group says that they are concerned customers may be confused, order the wrong thing, and then not be in compliance and have problems down the road, so they are making all their software compliant, and raising their overall prices to cover the software costs.
Tread carefully, and talk to everyone about this issue. And remember — just because your equipment is PCI compliant, that doesn’t mean you are off the hook. The other issues concern just how you deal with credit cards, hard copies, storage, and the like as a part of your business. There’s a lot of liability out there.
For instance, in one case, a set of revenue control equipment reported more than the last four digits (five) of the card numbers in their printouts. That’s a no-no. The feds came after the company and fined them a lot. (The fine can be up to $100 per infraction, and the infractions could number in the thousands.)