We’ve been receiving increasing reports from booksellers that they have been receiving somewhat menacing letters  regarding PCI compliance from credit card processors, listing all the potential penalities for non-compliance, such as the following excerpt from one such letter:

Not terribly startling, except this is the first many booksellers have really heard of PCI/DSS compliance.  In the past, the payment industry has focused on enforcing these rules on large businesses – and even then, the pressures and requirements have been scaled according to volume of sales.  For example, Biblio.com is considered a PCI Level 3 merchant, and as such, we’ve had to undergo fairly rigorous measures for PCI compliance over the past few years.  However, even this has paled somewhat to the requirements posed on larger companies, such as some of our larger competitors.

But, as these letters indicate, the “grace period” for smaller businesses is coming to a close – reportedly due to fairly heavy lobbying from some larger businesses who are looking for a “more level playing field” (poor WalDisnAzon!).  Now, all merchants will effectively be required to comply with the same level of measures as the extremely large Level 2 and Level 1 merchants.

And, that’s not going to be easy for the mom and pop bookseller.

OK, so, what if booksellers simply ignore these requirements?

Unfortunately, the letters usually continue to inform the bookseller that they are going to be assessed a monthly PCI-compliance fee, generally of $14.95 to $29.95 – unless they can certify their compliance:

Great, so all booksellers have to do is confirm their certification to avoid this “PCI tax”, right?

Yes, but this is where the level playing field theory falls apart.  We are talking of near-draconian requirements that exceed the abilities (or at least render compliance cost ineffective) for the vast majority of booksellers.  In effect, leveling the playing field has raised the bar for competition from smaller businesses.

But, how bad is it really?  Rather than enumerate all of the points, I’ll simply point the reader to the specification itself on the PCI website in all its 73 page glory: PCI requirements.

So, the whole carnival is tantamount to one simple thing, as far as your average bookseller is concerned: a monthly tax.  There is simply no way that most very small businesses could realistically comply with the regulations, so this is little more than a money grab on behalf of the payment industry, and a great way to squeeze an additional $30 a month out of, I don’t know, a few million small businesses?  That’s one way to shore up your bottom line in a recession…