The Mid-West Acquiring Association has awarded Donne Embry a lifetime achievement award. I personally think it is a honor that is long overdue. I have known Donna for longer then either of us will admit to and she is one of the good guys. Always quietly working in the background while others go for the credit, she is and always has been the consummate professional. Congratulations Donna, you earned it.
Paul Martaus
Visa proudly stands behind their pronouncement that no organization that is certified as PCI compliant has ever been breached. Think about that – NEVER! Doesn’t that strike anyone as odd? Billions of dollars have been spent by thousands of companies to ensure that they are PCI compliant, yet the crooks always seem to target those companies that are not PCI compliant. How is that possible? Is there a list somewhere that only crooks have access to that identify these errant companies? Do they have some sort of mark that sets them apart?
Well, actually they do. Every company that has been breached thus far accepts or processes Visa and MasterCards. As such, they fall under Rule 6 of the PCI compliance rules. Paraphrasing Rule 6 - “All participating companies will develop and maintain secure systems and applications.” This rule seems, on the surface, to be innocuous, but upon reflection, it is incredibly nefarious. Why? Because taken to its logical conclusion, it is impossible to ever be PCI compliant. NEVER! Think about it, if you have suffered a breach, you have not maintained a secure system or application and therefore are in violation of Rule 6, thus are not PCI compliant. Now that’s a rule!
No wonder Visa is so strident and resolute in its pronouncement. Logically, they are absolutely right. In the real world where the rest of us live, however, it doesn’t quite ring true. There is something a bit out of whack with the logic. It would seem appropriate, in light of this rule, that all parties that accept or process Visa and MasterCards abandon any further efforts to become PCI compliant and redirect all current and future PCI related dollars into a huge legal defense fund dedicated to destroying the rule making bodies that promulgate or enforce PCI regulations. It only seems right to fight fire with fire.
Another thing about PCI compliance drives me crazy. Visa and MasterCard both maintain that they only enforce the rules promulgated by the PCI council – like they are at arm’s length in the process, although they both are founding and funding members of that august body. Yet they are both “for profit” companies. As such, creating shareholder wealth is their prime directive and motivator. Given that scenario, would it seem too Machiavellian to consider that one way to maximize revenues is to develop a set of standards that cannot be met, thus ensuring a steady flow of income? Just a thought!
Paul Martaus
Unaccustomed as I am to being positive about a lot of things related to our business, I find myself compelled to give credit where credit is due (no banking related pun intended). The recently announced merchant processing relationship between FDC and Bank of America represents a solid win for FDC. Any serious analysis of FDC’s long term prospects following the de-coupling with Chase resulted in questions concerning long term viability. It appeared to many industry observers that the remaining revenue streams from the many and varied FDC business lines were just not strong enough to sustain the entire organization over the long haul. A collapsed economy certainly did not help FDC’s prospects either.
With this announcement, FDC has managed to pull a huge and profitable rabbit out of its hat. The entire industry has long been aware of Bank of America’s struggle to compete effectively in the merchant services arena. Given its huge branch network, B of A seemed destined to become THE dominant player in the industry. But the potential energy was never converted to kinetic. B of A’s abhorrence of interaction with the ISO community, combined with its apparent lack of any recognition of the inherent value of a merchant relationship resulted in no coherent merchant services strategy. If there is one thing FDC can bring to a party it is a thorough understanding of the value of a merchant service relationship, combined with a deep appreciation of the ability of an ISO to close business.
Another strength FDC brings to the table is its ability to recognize an easy mark when it sees one, and its absolute commitment to take full advantage of an opportunity when one presents itself. And B of A certainly fits the profile of an easy mark – lots of money, lots of merchants, lots of potential to access more and no discernible talent in the merchant services marketplace. A marriage made in heaven. The marketplace can certainly anticipate a lot more heavy competition in the future as this relationship reaches fruition. Congratulations to FDC on a well earned win.
Paul Martaus
Read more...Posting to the blog was suspended for a month due to personal circumstances. My humble apologies to all - now, back to our regularly scheduled programming.
Read more...
© Free Blogger Templates Spain by Ourblogtemplates.com 2008
Back to TOP
