For a couple of months spanning the first and second quarters of this year, Integrated Solutions For Retailers surveyed its subscribers (hundreds of retailers from many segments, running the gamut from small and regional chains to tier-one enterprises) on their perceptions of the PCI DSS (Payment Card Industry Data Security Standard). The survey results surprised us. Respondents exuded nearly equal parts confidence, confusion, dismay, and ignorance. Some gloated. Some swore.
We quickly realized that many retailers were upset about the standard. Leading the list of reasons were: 1) nobody likes mandates, and 2) many misunderstand this one. Then we talked to some payment processing solutions providers about sponsorship of the report. Some of them were mad, too. While none denied the power of the standard as a rallying point to market payment solutions, several were dismayed that the keeper of the mandate, the PCI SSC (Payment Card Industry Security Standards Council), would not overtly recognize their specific solutions or technologies as compliance enablers. So, while the survey was still live, we called Troy Leach, technical director at the PCI SSC, and shared some of our more colorful findings with him.