I was going to tackle one or two more PCI compliance myths over the next few weeks. But I’m hearing so much bellyaching from friends and colleagues in the industry about how difficult, costly and time consuming they find getting PCI compliant and maintaining PCI compliance for their businesses. It’s puzzling to me why some merchants find becoming PCI compliant so onerous.
I find it analogous to the implementation of the Federal Motor Vehicle Safety Standards in the United States in the 1960’s. Did the cost of operating a car go up after requiring safety standards for automobile manufacturers and importers? In fact the debate over mandating safety features like seat belts was hotly contested in congress at the time. Not many complain that any car you buy has to pass certain standards of safety these days. We just take it for granted that the manufacturer follows the standard. I don’t think about buckling my seatbelt and wouldn’t consider driving without it with or without state laws requiring seatbelts be worn. Why then make the PCI DSS out to be some horrible onus that’s just wasting everyone’s time?
Unless you just heard about the PCI DSS and no nothing about it, most merchants should soon realize that the goals set forth in the PCI DSS guidelines consist of many safety precautions they have already put into practice. Requirements such as 7.1 that verifies that access to computers and equipment that processes credit cards and other sensitive information is limited only to people that need access to them to perform their duties. Of course only authorized staff can use the equipment; it’s a no-brainer. Therefore everyone who processes credit cards and limits access only to authorized personnel can answer in the affirmative that they are meeting that requirement.
It doesn’t seem so hard from that perspective. It’s easier than you think especially if you are a small business. Even better than that, it can be free. When your service provider uses the PCI DSS requirement as an excuse to tack more fees on, tell them it should be free, and IS free at pcifree.com.