The love-hate relationship that is the American retailer, bank and credit card marriage is nothing but complex.
There are few partners that ignite such wrath and venom within retailers than their credit card partners and their—well, lets just say “generous”—interchange fees. On the flip side, the banks and credit card companies seeing themselves as having to pay the PCI piper whenever theres a data breach, even if—from the bank/card perspective—that breach was the fault of the reckless retailer.
But similar to so many business relationships, hatred can be trumped by only one thing: greed. Which is the most terrifying? The prospect that a retailer may no longer be able to accept major credit cards or that the banks and card companies will lose all of that revenue to alternative payment vendors?
The headline for this piece said that Visa Blinks, which it did. But that phrase traditionally equates blinking with losing, borrowed from the classic staring contest. Thats not how we mean it. In some cases—such as this one—blinking can be a realistic conclusion that flexibility may be the best course.
For more than a year, Visa has tried multiple variations of using a carrot and stick to get retailers PCI compliant. The stick has always been that fines and higher interchange fees will kick in after Sept. 30. for those retailers who are not certified PCI compliant.
Now that the date will happen next month, Visa and others are softening their position. Instead of being shut out from discounted interchange fees, non-compliant retailers (bad boys being banned from binary benevolence?) are being told they can have their discount fees, but not as much of a discount. The fines will indeed start but not for everyone. Possibly not for anyone. Full Visa discretion.
Thats probably a good and practical approach. But is it going to advance their stated position, namely to get more retailers compliant? Unlikely as its not addressing the reasons those retailers have resisted compliance in the first place.
There are two kinds of non-compliant Level 1 retailers out there and both truly want to be compliant: those that are trying, but cant get over PCI hurdles to get the certification; those that arent trying anymore, either because theyve given up or they never cared that much.
Visas efforts assume that all retailers are in that second category, that is once they are only sufficiently motivated, theyll make the effort to get compliant.
But for most of the retailers I hear from, their complaints are focused elsewhere. Number one on the list: we cant afford to make the chain secure up to PCIs specs. For some, its just griping, but for many, its a very legitimate complaint. With margins so razor thin, it cant make sense for any retailer to lose money for the privilege of accepting credit cards.
Granted, this isnt the case for all Level 1s, but its a huge concern for many midsize retailers. Ironically, its not as much of a concern for super small retailers because the dollars required to get them up to PCI specs are much less.
In short, for smaller merchants, Visas probably right. For them, it is mostly an attitude adjustment. For many Level 1s, though, its a very different story.
Then there are the complaints about consistency and conflicts of interest. But the process of getting certified compliant is quite time-consuming. Theres probably a bit of logic in reallocating a chunk of the effort Visa is using to threaten retailers and put it toward making the certification process simpler, easier and much less time-consuming.
If the focus is placed on making it less expensive—being respectful of the retailers right to make a living—and a lot faster, theres a fine chance Visa might be able to save its threats for midsized retailers who need the motivation.
Retail Center Editor Evan Schuman has tracked high-tech issues since 1987, has been opinionated long before that and doesnt plan to stop any time soon. He can be reached at Evan_Schuman@ziffdavis.com.
To read earlier retail technology opinion columns from Evan Schuman, please click here.
