The PCI DSS (payment card industry data security standard) is a set of goals and requirements intended to guide merchants and financial services companies to the highest standards of network and data security. The PCI DSS was created from the template of Visa’s CISP (cardholder information security program) to contend with the rising incidence of credit card and identity fraud in a world that becomes more technologically advanced with each passing day. I keep my finger on the pulse of the electronic payments industry and employ the strongest personal protections for my and my family’s sensitive personal data, or I wouldn’t be writing this blog, preaching to the masses about their data security shortcomings. But I was recently almost the victim of fraud in a way I never could have predicted.
I took my four year old daughter to downtown Washington DC to the Verizon Center to see a live theatrical production of How to Train Your Dragon a few weeks ago, and it was fine, though in hindsight we ended up paying too much due to not researching discounts and coupons before our purchase. Though frustrating, agreeing to pay too much, even with your credit card and its built in protections, is not grounds for disputing the charge and is perfectly PCI compliant.
The attempted fraud was perpetrated in the subterranean stadium parking lot owned and operated by the Verizon Center. The fee to park was twenty dollars, also not a crime or violation under PCI compliance requirements, even though it might feel like it. As usual, I whipped out my Visa debit card, which works like either a credit card, requiring a signature for identity verification, or like a debit card, requiring a four digit PIN (personal identification number) code as identity verification. The woman taking fees and passing out parking passes abruptly stated “cash only” as I pulled out my wallet. I said nothing, mouth partway open, stunned that a place like the Verizon Center that would gladly take a credit card for everything, from ticket to merchandise to overpriced stadium hot dogs and drinks, halted at the payment options at the point of parking.
After a lot of hemming and hawing on my part, she finally relented and stated that only cash or “debit card” were payment options. I handed her my card relieved, and was handed back a receipt requiring my signature. By definition, this is a credit transaction, not a debit transaction. Only when I thought about it later did I realize that the woman was trying to scam me into giving her cash which she would have then pocketed. Again, the built in security of my credit card gave me the confidence to feel safer paying electronically rather than in cash.
If your business isn’t PCI compliant, it needs to be. See our home page for information on how you can become PCI compliant quickly and easily. Best of all, it’s free, and you can’t ask for more than that.