If you have a revenue control system, you probably know all about the requirements of the credit card companies and the infamous "PCI" compliance that is required of revenue control vendors. As of this moment, my guess is that if you asked your vendor if they are PCI compliant, they would begin a dance that would rival your Senior Prom.
The problem is no one has been able to completely nail down just what PCI means.Yes, Visa, which leads the cc companies, has rules, and yes, a vendor can be approved by getting a VISA appointed consultant to come and look at its software (a process that can cost upwards of six figures over time.)
Its much like being approved for UL., You get approved and then if you change one byte in the software, you have to be approved again. One vendor told me that simply keeping the proper documentation is a full time job.
So what are manufactures going to do? Do they charge extra if you want this compliance? (Everyone isn’t approved by the way, so you should check on the VISA web site to see if yours is). So do they support two different software packages?
I got two different answers. One group says they support two different software packages and if you want PCI compliance, you have to pay a fee, which is, in some cases substantial, for the approved software. The other group says that they are concerned customers my be confused, order the wrong thing, and then not be in compliance and have problems down the road, so they are making all their software compliant, and raising their overall prices to cover the software costs.
Tread carefully, talk to everyone about this issue. And remember — just because your equipment is PCI compliant, that doesn’t mean you are off the hook. The other issues concern just how your deal with credit cards, hard copies, storage, and the like as a part of your business. There’s a lot of liability out there.
For instance, in one case, a set of revenue control equipment reported more than the last four digits (five) of the card numbers in their printouts. That’s a no no. The feds came after the company and fined them a lot. (The fine can be up to $100 per infraction, and the infractions could number in the thousands.)
JVH
One Response
The fact is that both Visa and MasterCard products in the US were never made for small dollar transactions at unattended devices. Rather than issuing new card products which will of course cost the owners – the BIG Banks – they have chosen to force everyone into their onerous rules with questionable security features – PCI. And now you will have to pay for it too whether you are a vendor or a city government. In fact, we will all pay since Visa and MC accept no liability for any of their transactions – the rest of us do instead e.g., the vendors,the cities, and the merchants. Yes the liability chain stops with us not Visa/MC. The risk is all yours as they say. And now you will pay for their security as well. This will never end.
To add insult to injury in the small dollar transaction world(an average $1 transaction these days costs at least $.17 to process) the banking interchange fees were increased this past April by both Mastercard and Visa. These are the fees the merchant or government must pay to the card issuing bank(Citibank)via MC/Visa; in turn, the merchant processors who are collecting all the transactions on behalf of unattended device owners/merchants/governments are all going to have to increase rates if they want to keep the same margins. This never ends either and both Visa/MC always raise their interchange fees.
I recommend learning what the real fee structure is for a credit/debit transaction for your type of business. And remember that fee structure is a fixed per unit price($.10-15) plus a variable rate(2% for example) on every type of card and transaction you see running through your business. If the merchant acquirer blends the rate they are not really letting you know what you are paying. They are hidinig it on purpose. End users need to know what the real rates are and should get that cooperation from their transaction vendors.
I think the parking industry is finally coming to terms with the fact that credit and debit is not the whole answer but only part of the solution. And for every incremental revenue claim attached to credit/debit usage, there are a host of operating costs which must be understood and carefully examined before anyone can truly understand the bottom line of credit and debit processing. Dont listen to gross revenues, find the net revenues. It is very revealing.
For example, did you know that you must pay additional fees into the interchange system for rewards cards, foreign cards, cards authorized later than 24 hours post transaction, and a variety of other pecuniary fees most managers dont know anything about. My advice is to research the cost of transactions carefully while understanding your liability including the onerous charge back rules.
I worked for Visa USA for many years. I can guarantee none of this is going away and PCI compliance is just the tip of the iceberg of future costs for all of us.
JR