I am the first one to agree that our credit card information must be kept secure. And that the equipment that collects that data in parking operations must be designed so that the numbers can’t be viewed by outsiders. I also agree that Visa et al. have a responsibility to their customers to ensure that data is as safe and secure as possible.
All that having been said, the mind boggles at what has been required of our vendors by the credit card suppliers. One supplier told me the other day that it costs them over 100 grand a year just to do the paperwork required. Another noted that the cost of simply being approved was six figures. And of course that only covers the cost for a certain set of software. If you have an upgrade, then you need to get approved all over again.
And guess who pays for all that…You do. If a manufacturer sells 50 systems a year that accept credit cards, then there is going to be another 3 to 4 thousand dollars each added on to cover just their costs to be compliant with the requirements of the credit card issuers.
AND guess what? It most likely is all for nothing. Here’s the dirty little secret. Credit card numbers are being stolen all the time. A clerk in a shop, a waiter in a restaurant, a pickpocket in an airport. They all steal credit cards and use them. The reason: the data on the card is extremely easy to copy, read, and then use. It doesn’t take rocket science, just a trip to Radio Shack and a soldering iron.
The only real solution is to have a PIN associated with your card and that PIN has to be kept at a central, secure location by the credit card company. (Like the PIN on your cash card that you use to get money from the ATM.) Then, if someone steals your credit card, it’s useless, since they need to know the PIN, and the only place it’s known is in the bank’s secure database.
All the encryption, algorithms, and fancy software only bets that its writer is smarter than everyone else…And there is a 12 year old out there that, let’s face it, is smarter than you.
Should our manufacturers continue? Of course, they have no choice. They also have no choice but to pass the cost of the PCI compliance along to you.
JVH
One Response
I can see up to $1000 / year for a small merchant maybe.