Merchants of all sizes love to hate PCI. In a perverse sense then, PCI can be a payment facilitator’s best friend. The more complicated, difficult and agonizing PCI guidelines become, the more merchants-especially smaller ones-will find tremendous value in pawning off the PCI duties to someone else, especially someone else-such as a PF-that knows PCI and other compliance rules intimately.
It’s for that reason that what the PCI Security Standards Council did last week is so important. Not only are they making the rules more demanding and complicated-a necessary move to boost the rules’ security-but they are now applying the rules far more broadly, implicating executives who had never before had to directly deal with PCI. Put into corporate terms, it’s one thing to infuriate a bunch of CIOs and CISOs, but it’s quite a different thing to infuriate their CFO, COO and CEO bosses as well as their bosses, namely board members. And yet that’s exactly what the council is doing.