Non-PCI Compliant Credit Card Machines Phased Out in 2010
Why do you need a PCI compliant credit card machine
Because we live in an insecure world
In January 2009, Heartland Payment Systems announced a data breach that may have compromised tens of millions of credit and debit card transactions. This breach was one of the largest in history, and came on the heels of another large break in December 2008 of RBS Worldplay (a susidential of Citizens Financial Group Inc.) which compromised 1.5 million credit card numbers. Other large breeches include Hannaford Brothers Co. in March 2008 (4.2 million numbers), and TJX Companies, Inc. (Marshalls and TJ Maxx) in 2007, who reported 45 million numbers had been compromised over a 3-year period.
Closer to home, I received new Discover Cards in the mail last week with a short explanation that our account had been compromised.
What are PCI standards?
PCI (Payment Card Industry) standards are provided by the PCI Security Standards Council, an organization founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. to promote security through strict guidelines and education. In order for a processing terminal to be deemed "PCI compliant", it must meet the high security standards of the Council which have been put in place to prevent cardholder information from being stolen or tampered with. For instance, a PCI compliant credit card machine will not retain transaction information after a daily batch has been submitted to a payment processor.
Will your credit card machine become a dinosaur?
In 2008, Visa / Mastercard began a 5-phase process that would phase out insurance credit card processing equipment by requiring that payment processors only offer PCI compliant credit card terminals to NEW merchant account customers. The fifth phase will be implemented in July, 2010. At that point payment processors will require ALL merchants to use PCI compliant terminal. What will it cost to replace my card processing equipment with a PCI compliant terminal?
Many merchants are finding that the cost to replace their current credit card processing equipment can be quite expensive. A recent post at the Small Business Ideas Forum stated:
I recently received a letter from my merchant services provider saying that the device I have been using to accept credit cards for the last eight years needs to be replaced because of new regulations that are being put into place by Visa and MasterCard. They say I could be fined if i do not replace it with a new state of the art terminal! I looked into it, and it is true that they are implementing new security standards that are phasing out a lot of the older credit card terminals effective on 7/1/2010.
In my opinion it's just a scam by Visa and MasterCard to sell credit card terminals! But what do I know? The bad part is that the credit card terminal my provider is offering to replace my old one costs $ 600 !!!
While this poster is definitely wrong about the new guidelines being used as a means for Visa / MasterCard to increase their profits, I'm sure the cost of replacing his equipment was a shock. Thankfully, there is a cost-effective solution when it comes to terminal replacement. Merchant service providers, such as Money Tree Merchant Services include free credit card machines or wireless terminals as part of their merchant account packages. When you become a new retail customer, your equipment is automatically upgraded to a PCI compliant terminal at no additional cost.
PCI compliance is a matter of security and safety not just for you as a merchant, but for your customers as well. Security should be viewed as a benefit, a benefit that your company can promote. In the end it will bring in more income and the cost does not have to be prohibitive.